Slashdot Mirror
What is the Best Way to Handle a GPL Violation?
DeadSea queries: "When you find that somebody is violating the GPL by distributing your code or a derivative of your code as a closed source product, how do you go about handling it? I have found two violations of the GPL for my Java Utilities, in the last month. The Free Software Foundation says that the copyright holder is the only person empowered to act. If you are the copyright holder, how do you communicate with the offenders? I know folks here must have dealt with this before: Linksys, SCO, Castle Technology, United Linux, and others. Personally, I would like to believe that with a little nudging (and without lawyers), I can resolve the things. As such, I would especially appreciate any example letters or other documents that might be effective."
I would suggest sending an informal e-mail asking if they understand that they're violating the GPL. If that doesn't resolve the problem, the next step might be e-mailing someone at the FSF for advice. If you really serious about it and the FSF can't help you, you may need to get some advice from a lawyer.
Of course, the Passive Aggressive way would be to simply decompile the byte code. Java decompilers are quite excellent at producing almost exactly the same source code as was there to begin with (minus comments). You could then put the GPL license at the top, post a copyright for the work they did. After that, send them a letter telling them that you assisted their efforts at becoming compliant with the GPL. You could even bill them with a consulting fee if you really wanted to get a funny reaction from them. Of course, if you did this, you would almost certainly need to find a good lawyer ahead of time.
What is the Best Way to Handle a GPL Violation?
Shoot on site!!
And we'll, uh... check out their websites... until they stop responding. That'll get their attention.
Get a lawyer. Asking for legal help on slashdot is about as dumb as asking us for medical advice. (It's possible that the advice might be good, but you could end up neutering yourself)
Call the company and ask for the contact information of their legal department.
Pay a lawyer a small fee to have him write a letter to the offending company suggesting that their GPL violation will result in litigation if they don't work with you to resolve the problem.
The offending company's legal department will probably ignore you if you address them directly, so it helps a lot to have a lawyer write the letter (and send it certified mail with return receipt - that always scares people)
I'd rather be a conservative nutjob than a liberal with no nuts and no job.
...but get a lawyer. They do this for a living. They're not all scum. Why, I bet you've got at least one lawyer friend. Pay them (yes, pay -- even if this is a friend) to write up a letter and send it to the violator.
DIY is great for things you enjoy doing. Writing letters to copyright infringers isn't fun for many people.
Or in the first place did you intend to demand that changes be rolled back into your project?
Well, duh. If I gave something away for free and then someone uses it to make a profit and doesn't even bother to help you out in the way you've helped them, I'd be pretty pissed off too.
Don't get me wrong, the BSD license has it's place, but if the main point is to keep the code free, what would you choose something that lets anyone take the code and make it non-free?
Not everybody misunderstands the thrust of the GPL. When I release code under the GPL, I do so for a very specific reason: I want to keep that code free. If I were to release something under the BSD license, it would likely only be because I don't much give a damn about that code anymore.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
1. Call the phone. Talk to them on the phone and explain the oversight. Be polite and approach the situation purely as a problem solver with a helpful attitude. But take notes and pay close attention to how they response.
IF THAT FAILS,
2. Craft a letter. Be professional but firm.
IF THAT FAILS,
3. Get a lawyer. A good one but one that will take the case for a percentage of this company that you are about to own.
Second, inform them that you are the author of the material that they are distributing, and that they have not fulfilled their obligations in order to obtain legal permission from you to distribute their changes to your code without making the source available, since the combined work (your code plus their changes) still contains your code and that code is still copyrighted by you and therefore still subject to your distribution requirements. They can comply with your copyright by removing every last line of code that you wrote or by releasing the source of their entire product. You can, at your option, also make alternative arrangements with them to grant them permission to distribute without the source in exchange for some compensation that you specify.
Doing it this way takes the focus off the fact that it's the "GPL", and it's viewed simply as a matter of straight copyright infringement, removing any possibility of potential discrimination against the GPL.
File under 'M' for 'Manic ranting'
I've sent emails, asking for the reasons why snippets of our source end up mysteriously in their commercial applications. In one case, a company (in Germany) came back stating that they happen to have the 5 same exact function names in their application, and byte-for-byte identical perror() strings to our application, but they insist they're not using any of our code, but claim that they did use it "for documentation purposes" when writing their application. That one is still open and pending, and we'll be doing protocol sniffs to see if theirs match ours. We have certain "fingerprints" in our protocol, which can only be done by using the source directly.
Another company I just found several days after the one above, seems to be using our code in a commercial BeOS project. They responded to my email, claiming that our code was used "as is" in their project, and then goes on to say "the use was re-configured to allow for easier additions". I don't see how they can claim both, in the same project. Either the code was used as-is (impossible, our code doesn't build on BeOS), or they modified it (and they must give us back the changes to those sources).
Another company directly took our code, removed all of our names from the project, replaced them with their own, slapped their own (non-GPL) license on it, and sold it to "partners" for quite a hefty fee. When we confronted them asking for an explanation, they basically told us to piss off. When we escalated, the CEO came back with, and I quote "If we end up in court, I will bankrupt these guys".
We also contacted this company's "partners", and asked them for the source to the changes they were also distributing. Every time we would contact these companies, the original company would threaten to sue us if we contacted their partners.
The FSF is involved in all of the cases. The investigations are still open, and pending.
Companies seem to think that because they have money, and most Free Software developers do not, that they can just slap us around left and right. The other point companies seem to try to "leverage" when they are clearly violating the GPL, is that the common myth that the "GPL Has Never Been Tested In Court(tm)", and since it has no basis, they can take whatever they want, and not give back. They seem to forget that the U.S. Copyright system backs up all of this code.
So what do we do? There are dozens upon dozens of cases where the GPL is clearly being violated; the MPlayer violation from KISS Technologies, the BusyBox Hall of Shame, and many more.
It doesn't matter what they took from him, only that it was taken. Someone could steal a potted plant or my automobile from the front of my house; the fact that the plant has little relative value next to the car doesn't make the theft of the plant any less a theft.
This has nothing to do with patent. This is a GPL violation. Get it straight.
You should first look to register your copyright. This costs $30 and is otherwise relatively simple. This gives you certain legal benefits in a potential litigation and serves as a deterence. You should start pouring over Title 17 so that you know the law. Don't be afraid to read it yourself -- copyright law is actually pretty accessible.
After that you should send them a letter stating that (1) your work is copyrighted and is not public domain (2) you offer a licence (the GPL) which is seeks certain forms of compensation in return for using your work. That compensation comes in the form of reciprical licencing to their derivitive copyrights. Provide them with a copy of the GPL. (3) State that they have made no attempt to comply with those terms. State the actions taken by them that violate the terms. State that they have not purchased or seceured any licence to use your copyrighted material in the manner they are using it. Don't be wishy-washy. Say things like "you are basing your business on piracy of my intellectual property". (4) State that as of this letter they are on notice that they are violating the law and that if they do not cease and desist then any willful and knowing infringment may be subject to increased penelties under the copyight law. (5) Remind them that damages for infringement include any profits attributable to the infringement.
If you feel like it, offer them a real licence to do what they are doing for an appropriate cost, say $2million or some other number you'd be happy with.
Don't be afraid to go talk to an IP lawyer. If you want to proceed beyond telling them to stop pirating your stuff, then this will be essential. Use the phone book. Make it clear to the people you talk to that you are interested in discussing retaining them on a contingency basis only, that your have registered your copyright, and that you believe a business is willfully pirating your code.
The GPL does not guarantee that the world can receive your project "Freely". It only guarantees that your project itself will be Free.
In order to guarantee that Freedom for your software, it is necessary to sometimes fight for it. Fighting for it usually means battling legal challenges to your rights as copyright owner. These fights will cost you money.
Freedom is not free. It is not even cheap.
I have been pwned because my
I had a dispute with a company that was screwing me over, and I called and called, and told them the specific laws they were violating and that the law entitled me to $1000 damages for each violation (there were two violations). It was like talking to a wall. They knew that the cost of taking them to court was more than the cost of paying the ransom they were demanding from me.
Then I had a lawyer call them. They rolled over.
The reason? I had an airtight case against them, and the fact that a lawyer was calling them meant I was WILLING to go to court, although I never actually had to. They'd lose badly in court, so they settled.
Call a damn lawyer.
In 1991, a crack development unit was sent to prison by a software patent court for a crime they didn't commit. These men promptly escaped from a maximum security stockade to the Linux Expo underground. Today, still wanted by the government, they survive as coders of fortune. If someone rips off your code, if no one else can help, and if you can find them, maybe you can hire... the C-Team.
The question is not, why did they steal it, but how can you be sure they stole it. If it's a trivial function every Java programmer can do in his sleep, and everyone probably would do it large the same way.
;-)
Java, unlike perl, does not offer 20 ways to do every problem, so if ten people program a Base64 encoder, nine of them would probably do it the same way (they would read the RFC and translate the C code literally to Java). The tenth guy would probably do something else and break things in the process.
No, companies rightfully think that because the GPL has yet to be tested in court, there's no case history, and they'll be able to drag it out in the courts forever...that they can walk all over you.
The only answer is to dot your i's, cross your t's- give the offender all reasonable chances to comply. If they don't do it in a timely manner, SUE.
Let me repeat that.
SUE.
Why? First off, chances are most of these companies really can't afford a legal battle either. If you file papers- I'd bet a lot of companies would simply recognize you're serious, and cave in. You negotiate for your legal fees and force compliance on them, and you're done. If not, and you have what most people feel is a solid case, you'll have the whole Open Source community behind you, because we'll realize just how important your case is. The FSF assists your lawyer(they specifically state they'll assist- they just can't pursue on their own), we help you pay for your lawyer with a legal fund through donations(I'd donate!), and so on.
Not to mention, it's a lot easier to ask a judge for access to the company's source code than it is to go through all sorts of hoops to prove it. Show the trail of breadcrumbs leading up to the door, and the judge won't have much of a problem letting you open the door to see if there's a mouse nibbling on a cracker behind it.
So we loose some market share because people think we're evil bad guys who go around suing(this is why it's important to give people a chance). Who gives a fuck about market share? We're in this for the CONCEPT. Loosing some market share is better than the open-source concept becoming a joke("why should I open-source my stuff, if someone's just going to rip it off tomorrow, and I'll have no recourse against them?")
All it will take is a few lawsuits, and everyone else chasing down violators will have ammunition and WON'T have to sue...but our "nice guy" methodology isn't going to play, because we have no teeth to back up our "please comply" requests.
Please help metamoderate.
Do NOT tell them they must now releaes all their source code to the public.
If that's what you want them to do, then say so. Don't pussyfoot around. You can't force them to release anything that is whole-cloth theirs, but you anything that's a clear derivative of yours, their legal choice is to release the source, or face a judge.
The first letter should be business like, and reasonably noncombative. If you'd be happy to just have them release the source code (on an ongoing basis), then let them know that, if they do so, you'll chaulk it up to a misunderstanding and let it be.Also let them know what if they force you to spend much more time onthe issue that you'll be charging just for your time. Remember that this is consulting rates, so $100/hour isn't even starting to get unreasonable.
It's probably worth mentioning that if lawyers start logging time, the price goes much higher much faster.
Send the message to the best contact you have at the company. If you can find their legal eagles, then CC the message to them.
I'd also CC a copy to a reasonably disinterested third party who would know to log the message for posterity. The FSF might be a good bet.
If they're distributing your code and/or documentation on the net , and they're clearly non-responsive, then you can also send a DMCA takedown notice to their ISP. (The law is there. You may hate it for other reasons, but it's a tool for you to use like any other).
Remember to stand firm on your rights. If they're using your code, you have the right to tell them to stop. If you're seriously pissed at them, you can simply tell them to stop distributing your code. If they refuse to stop, you can go to a judge and get an injunction against them (It would be in the context of suing them for copyright invringement).
If you want to get paid for the work that they've stolen, then decide how much you want per copy and ask them for it. Worst case is that they'll tell yo to drop dead and you'll be forced to go to court to get the money from them. Note: you can get more money if your copyright is filed... the sooner the better. Until the copyright is filed, the most you can get out of them is 'damages'.. which will (probably) top out at the actual price they are charging for the code. Once you filee, then the cap is the greater of actual damages and $30,000+ per copy. That $30L+ can be a pretty sturdy barganing tool.
Note: IANAL If in doubt, talk to a real lawyer. There seem to be a number of reasonably good ones at groklaw. Perhaps one of them lives in your area.
NoteL if you really don't think you are willig to drag these people thru court, then you can always assign your copyright to the FSF (or assign them the right to enforce it). At that point the FSF can start wailing on them with authority.
Free Software: Like love, it grows best when given away.