Slashdot Mirror
GPL May Not Work In German Legal System
erbse2 writes "It may be that the (L)GPL can not be (fully) enforced under German jurisdiction. This is at least the conclusion professor Gerald Spindler of the jurisprudential faculty of the University of Goettingen came to when he examines the Legal questions of the open source software (It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer).
Heise News has the article in German, however, the fish may be with you.
IANAL, however, as one can put some of the legal problems aside, most of the concerns mentioned in there should provoke at least some thought by brave men around RMS."
for any legal system yet. It just hasn't been tested in the court. The SCO cases is supposed to be the first test, but that might not happen anyway.
Spindler spots jurisdictional uncertainties for all parties involved: Developers may be held liable if software does not work as expected, even if they only participated marginally in the development, rather than being a lead developer. Employers could walk on thin ice if they pay employees for writing Open Source Software. And buyers of such software must be prepared that liability is limited to the criteria common for items given away for free, i.e. severe negligence only.
But the same is valid for all commercial software in Germany too. EULAs have repeatedly been denied validity because of the german contract law. EULAs are a contract between you and the author of the software. But because you didn't buy the software directly from the author, but from a third party (the reseller, the company bundling the software with a computer etc.pp.), EULAs can't be enforced. All the author can impose on you is the priviledges he gains from the Author's Right (Urheberrecht).
This makes software under GPL in no way different than any commercial software you buy in Germany from a liability point of view.
The article says that even minor contributors to an open source software project might incur substantial liability if the software doesn't perform correctly, employers might be liable if they permit their employees to develop open source software, and yet users of open source software might not be able to get much protection if the software malfunctions. The whole thing sounds like scare tactics to me.
This is not surprising, since the study was commissioned by the VSI, an alliance of closed source software development companies, whose members are the usual suspects: Microsoft, Sun, Autodesk, and others. I suspect that if the BSA commissioned something similar in the US, they could find a "legal expert" giving the same kind of opinion.
In any case, if this really is the legal situation in Germany (or any other nation), the logical next step is to fix the laws. There is no reason to leave any legal uncertainty around BSD or GPL-like licenses: they are clearly one valuable and valid way of licensing software, and they are an important component of a free market in software.
This really is not news though as this point has been raised on numerous occassions.
Given that anyone not accepting the offered Free Software license for a software package has no right to use it at all anyway I don't see the problem - either use it under the available terms or don't use it.
If you give a lawyer (or a professor) the task to examine a contract and make a list of all possible weak spots in the contract, he (or she) will do so. Of course this lawyer might find very strong elements, but he (or she) is not being paid to list them ;)
So here you got a list with all things that might go wrong with the GPL in Germany. The same thing could be done with any contract (most contracts are dubious and open for interpretation).
You should thank the opposition (VSI) for giving their money to investigate your contract. Read it wisely and improve where necessary.
I'm a little unsure of the details of this (~9 years since I last read any German, so I didn't even try).
But they talk about liability and GPL software *customers*. Since when are people who donwload a GPLed project customers? If you get linux from IBM, say, then you're an IBM customer and IBM shouldn't release products without checking and testing all the code they're selling. But going from that to holding contributing developers liable is ridiculous (even if it is German law).
"This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY"
I think I've spotted some uncertainties myself:
Developers may be held liable if software does not work as expected, even if they only participated marginally in the development
followed by:
And buyers of such software must be prepared that liability is limited to the criteria common for items given away for free, i.e. severe negligence only.
These cannot both be true i.e. it cannot be that OSS developers are liable and yet buyers cannot hold anyone liable.
I think the guy is just trying to point out as many possible legal holes as possible. This is what lawyers do. Put any contract in front of a lawyer and they'll find holes it in. If they couldn't they'd be out of a job.
Secondly, no court was involved, but a German Professor of Law wrote a study.
And thirdly, the study was commissioned by a trade association of proprietary software companies -- what do you expect? Even without suspecting the author of willful misinterpretation, you can be sure that the sponsor carefully picked somebody who shared their vision or something to that effect.
Stephan
Open Source is NOT the main problem, the main problem *may* be the lack of liability.
...
Every producer of every product on Earth has some kind of liability. That's not different when producing software. Even if the EULA or the GPL claim otherwise. This problem gets worse with a software that is created by a team of volunteers in 10 countries around the world. Who is liable? Under which laws of which country?
There are a lot of other minor problems in the article. E.g. that you don't need to confirm that you agree to the GPL while installing the software. (That's similiar to unacceptable "with opening this box you agree to the EULA" when the EULA is *in* the box). You simply can't agree to sth. you haven't seen.
Btw., the article doesn't mention, how to fix the license. You'll get what you pay for
Bye egghat.
-- "As a human being I claim the right to be widely inconsistent", John Peel
For developers, producing commercial software for a company doesn't expose you personally to liability, it exposes the company. On the other hand, developing free software even if you only contributed a very minor part of that software, could open you up to liability for a severe negligence claim. Thus Free Software is Bad For Developers.
For a customer, you get certain rights if you are given software. If you are given it by a company and wish to exercise these rights (a claim for severe negligence), that's cool because it's easy to take companies to court. If you're given it by a bunch of Free Sofware developers, you're in trouble as they'll be much more difficult to track, it'll be difficult to prove they're the right developers and at the end of the day they probably won't be able to pay your settlement. So Free Software is Bad For Companies.
So: OK, in Germany, everyone is liable to a certain extent for the software they write (we knew that), but Free Software is worse off.
Raising the GPL as "exposing companies to legal risks" is playing games with concepts. The GPL defines what can and can't be done with software written under that license. It does not, and cannot, define commercial conditions and liabilities for using the software. This is firstly a matter for national legal systems, and secondly a matter for contracts between parties.
Let us imagine for a second that this is actually a fault in the GPL. Now, what about public domain software (not GPL), such as software freely provided by computer manufacturers, or by individuals or groups. Exactly the same issues apply: writing such software can expose the programmer and company to liability, and using such software means you have to accept that no-one is liable.
Now how about commercial software. Is this any different? No, it can be criticised for exactly the same reasons.
So, it's clear that the so-called study is a misdirection. The GPL is about ownership and freedom, the study is about legal liabilities. No matter who owns the software, the legal liabilities remain shared between the author and the user, as defined by contracts and legislation.
That the study was paid for by a group representing commercial software vendors suggests that the deep pockets of interested parties lie behind it. Why Frankfurt, Germany? Because Germany is at the fore-front of the OSS revolution. (Note that my company has been distributing OSS products since 1997 and a steady 9-10% of all downloads have been from Germany, against 40-50% from the USA and 30-40% from the rest of the world).
The study is bunkum and can be dismissed easily, since taken to its logical conclusion, no-one should write software at all, and no company should use any product whatsoever if they are not able and willing to sue the person making it.
Ceci n'est pas une signature
would the (L)GPL stand up under EU law, and isn't this applicable also to germany. In EEC member states EU law is paramount, and EU courts are the highest courts.
If federal officials decide that Linux merits the same export controls as Unix, experts fear that could end development of Linux by the open-source community.
What's that all about? Why wouldn't development of the export controlled sections of linux not continue to be developed in a whole bunch of non-US countries?
Comments like that one piss me off...
Warning: Opinions known to be heavily biased.
IANAL, but so basically it means: in Germany the idea is that the consumer has some inalienable rights. (Incidentally they also insist that employees have some inalienable rights, and are not at the mercy of the employer.)
I.e., it may come as a shock to some people from the USA, where the idea is that big corporations make the law and the common man must bend over and pull down the pants whenever some billion dollar company says so... but in Germany, and some other places in Europe, politicians still do something for the population, not just for Microsoft and IBM and the like. Maybe also because the population itself has not yet thrown in the towel and accepted that it's at the mercy of whoever is currently on top.
But either way, the idea is that Europe actually has laws, as opposed to letting the biggest bully make his own rules. Those laws dictate that as a customer (or again, as an employee) you have this and that right, and noone can bully you into accepting any less. No contract or EULA or GPL can override the _law_. If you bought something, you have the right to some warranty, for example.
That's what made it possible, for example, to override some provisions in Microsoft's own EULA. Not because it was or wasn't read by the buyer, as is usually the debate in the US courts. But because even if the buyer had fully read and understood all that, it would still have been a case of allowing one company to override the law in their contracts. It would have meant that Microsoft can effectively say "no, we don't want to obey the law." (I.e., not give the customer his legal rights.)
However, the same applies to the GPL too. If you sell some product, you have to support it and offer the legal warranty, and are liable if it does really bad stuff. Writing "ABSOLUTELY NO WARRANTY" can not override the law.
And, if you think about it, it already happens. If some German company goes and buys a copy of SuSe Linux, they'll get plenty of support from SuSe.
Should you worry about it for your own freeware utilities? Probably not too much, unless it reformats someone's database server. Or unless it's a cleverly disguised virus. Then you can start worrying a lot.
And, honestly, I fail to see why that's a bad thing. IMHO it's about time that the whole software industry had some responsibility for their actions. The standard has become selling disfunctional software and then hiding behind some EULA. Or sneaking in provisions which basically give some vendor full rights on your computer, just because it said so near the end of the EULA. And, well, maybe what's needed is precisely some consumer protection law stepping in.
A polar bear is a cartesian bear after a coordinate transform.
But there is no need to agree to anything on installation: the basis of the GPL is that there are no USE limitations. DISTRIBUTION, yes, but just because you didn't read the licence does not make you allowed to distribute, because you need permission to do so in any other case.
The only way you are allowed to distribute the application is by agreeing to the GPL. Don't like it? Don't distribute it, but that will not stop you in ANY way from being allowed to use it.
The author of free software grants you the explicit right to scrutinise the source code; therefore, in case of dispute {"Your software messed up my computer and I want payment!"} then there is a simple response: You could have known it was going to do that if you had read the source code.
Examining the source code comes under the heading of "due diligence". If an Open Source product breaks, then the negligence is on the part of the user, not the author.
If you read the instructions that come with proprietary software, they all tell you to back up your entire hard drive before you install the software. Even if Certain Operating Systems didn't intentionally make that impossible {so you can't follow the instructions to the letter, which might make those applications No Good anyway} I don't see that backing up an entire HDD is any less a ball-ache than reading several hundred pages of source code.
If you don't want to examine the source code yourself, you have to rely on other users' experience through the various forums that exist. Other people will have had experience, good and bad, with whatever software you're thinking of installing and, being the Open Source community, they will want to share it. Otherwise you're not really doing anything better than clicking an attachment in an email whose subject starts with "Re: {something you never sent}" and which originates from a total stranger.
Je fume. Tu fumes. Nous fûmes!
I have just read the conclusions at the end of the PDF and have the following comments to make although I'm not a lawyer.
Almost the whole basis of this professors's doubt about the GPL and the LGPL are based on doubts over legal responsibilities (The German word is "Haftung") i.e. who can you sue if your OpenOffice crashes and ruins your document. He makes some vaild points (the only ones I can make out as far as I can see) about the fact that under German law you cannot disclaim legal responsibility for a product you "sell" or provide in the market. He tries to claim that anyone involved in an GPL'ed software can be made responsible for the workings of the software.
What the good professor doesn't mention, but many other people on the Heise forums do mention, is that Microsoft's EULAa suffer from this exact problem in that the EULAs try to free Microsoft from any legal culpability as to the workings of it's software.
I personally think that the GPL should be proven in court. It should be so that it can finally be taken seriously by governments and Professors who get funded by Microsoft (This was indirectly funded by Microsoft) to undermine the GPL.
Just to review the core strength of the GPL, while the GPL may have many satellite weaknesses in many legal systems, it will always fall back on revocation.
That is, if you cannot apply the GPL, you MUST NOT apply it. As soon as you are without the GPL, you have source code and binaries for something that you are now not allowed to distribute without getting permission from the author, except as allowed by your country's take on fair use.
The GPL is a voluntary license, and you never HAVE to apply it if you don't want to. The fact that, in some legal systems, it may not be possible to apply it in some or all situations, simply means that you have what you are given, and you may not use it in ways that you are not allowed to by law.
The GPL doesn't apply to you unless you want it to.
IANAGL, but I think the point is that a lot of free software has no corporate backing; e.g. the author's are just a bunch of random guys who you might or might not be able to track down or sue. This is the case where users have no recourse.
On the other hand, if your corporation writes some new piece of free software which is contributed to by the public, or which incorporates pre-existing free code, you might be liable for that code which you had no control over; e.g. if there are deliberate backdoors.
No doubt there's FUD involved, but that doesn't mean that there's a grain of truth.
If your local laws don't allow the GPL, then the only law that applies is copyright, and copyright law does not (by default) allow distribution of someone else's work. That's fine.
What it means is that the GPL is really brittle. Anywhere that any clause of the GPL is invalid, GPL code cannot be distributed. In this specific case, it means that e.g. Linux install parties are illegal in Germany.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Why on Earth has humanity (or at least, western civilization) reached this point where every misfortune that occurs has to be someone else's fault? Surely sometimes, maybe even often, it's no-one's fault in particular. Or it's your own damn fault. After all, shit happens.
And how come in Germany, as it seems, even if you disclaim liability to the extent that most software suppliers do, you are still to blame, even if you supply the software (as most Open Source suppliers do), essentially or entirely at no cost?
Good grief.
The question the article now asks is simply: Who is to blame, when something goes terribly wrong. When sth. with SAP goes terribly wrong: Sue them. When somebody distributes virus contaminated software: Sue them. But what, if the Linux kernel contains some backdoor? Blame Linus? Alan? Redhat?
That doesn't sound, to me, to be much different than the situation in the US. And it is something PHBs always claim to be worried about. Who can I hold responsible if the software deletes my database? The solution has been the creation of companies like RedHat that provide support and guarantee the reliability of the software they distribute (even if they don't write it themselves).
I think most people will agree you can't hold someone (like Linus) responsible for software they develop as a hobby and distribute for free because they want to. If you decide to download it and use it without some kind of support contract than you are on your own if something goes wrong (though I would like to think most developers would respond to problems/bugs provided you weren't a jerk about it). So how is it any different in Germany?
No comment on the copylefting stuff. IANAL
But what, if the Linux kernel contains some backdoor? Blame Linus? Alan? Redhat?
I would say you would go after whoever maintains the kernel you were using. Could be AC, could be Linus, could be SuSE, etc. That seems like the most logical answer to that question.
The concept of copylefting for example is difficult under German law (Urherbergesetz). "You own the copyright of everything you produce" is it's basis. That's to protect the producers. Bad for copylefting.
I don't think you understand how copyleft actually works. If I, as an American, release software under the GPL, I still own the copyright (and so do my descedents for 75 years after my death), I've just chosen to give up the exclusive rights copyright normally gives me. GPL is not public domain. GPL still protects the producer, just in a different way than copyright usually does. There is no difference in this respect between American and German copyright law, if what you wrote is accurate.
Cause you are liable for your products. The licence doesn't matter.
Which is exactly why the very first sentence in the GPL's NO WARRANTY clause contains the phrase "TO THE EXTENT PERMITTED BY APPLICABLE LAW." Considering this, where exactly is the conflict with German law? As far as I can tell this article is nothing but FUD. Then again, IANAGL, nor can I read German. If I've missed some crucial point please fill me in.
Under capitalism man exploits man. Under communism it's the other way around.
So much for free speech in Germany.
Seems to me the Germans actually have a clue. Their legal system allows someone to say "Either prove what you're saying, or stop spreading your filthy lies". I notice SCO carries on their campaign of bullshit in the only place that allows such bullshit to continue on a daily basis (and even publicises it in the media!).
So, don't agree with the GPL? No problem! You are not forced to accept it in order to use a GNU/Linux system or any other GPLed software.
But bear in mind that most countries have copyright laws, and you will be infringing copyright if you distribute copies of the program. You can't do that without the permission of the copyright holder, which means getting a licence. The GNU GPL might be one licence under which the copyright holder is willing to grant permission.
-- Ed Avis ed@membled.com