Slashdot Mirror
Verizon Being Sued for GPL Infringement
darthcamaro writes "According to the SFLC, Verizon can be added to the list of companies infringing on the GPL. They filed a lawsuit in New York yesterday (pdf) alleging that the company is handing out routers using the GPL'd software 'BusyBox' without accompanying source code. Today the SFLC spoke to the media to lay out its case: 'The legal action against Verizon come as the fourth action that the SFLC has undertaken this year on behalf of BusyBox on GPL issues. The GPL is a reciprocal license that requires users of GPL-protected technology to make their source code available to end-users. To date, the SFLC has settled with one defendant out of court. Two actions, facing Xterasys Corporation and High-Gain Antennas, are ongoing and Ravicher said he's optimistic about negotiations resulting in a resolution with each.'"
Do the users have admin rights on the router to install a new version of busybox? If not, sending them the source code seems like a pointless formality, like a map to a country you are forbidden from visiting.
-- Ed Avis ed@membled.com
Action against the rising cell phone companies will help them be a bit more reasonable!
Does one really "infringe on the GPL" in a case like this? It seems that the issue is an alleged infringment on someone else's code, as released under the GPL. I don't think we're talking about ripping off the license and producing their own cloned license without permission. Though that would be funny.
Don't disappoint your bird dog. Go to the range.
The router in question is the ActionTec MI424WR. It's very pretty, and the web admin page is quite intuitive.
Unfortunately it has a MAJOR flaw. They're giving it out to their FIOS customers now, and the router shuts down when it gets hit too many times. This happens when using a Torrent, but also when refreshing STEAM server lists!
It's quite annoying, and since it's used by the TV set-top-boxes in the house it's kind of necessary. It's a shame, my 20Mbit connection can't handle Steam.
The problem was found a while back (when the casing wasn't as pretty about a year ago) but still no fix. I believe it has to do with a small NAT table.
Zonk,
Is today officially "ArsTechnica Regurgitation Friday" or something?
Half the crap I'm seeing here on Slashdot this afternoon, I already read earlier today on Ars.
It's quite annoying, and since it's used by the TV set-top-boxes in the house it's kind of necessary. It's a shame, my 20Mbit connection can't handle Steam.
That's odd: I thought Steam was supposed to travel through a series of tubes...
Try putting a pressure gauge and valve just upstream from your router: if the Steam pressure goes up too much, you can close the valve. Easy peasy!
PS Get a whistle, too: your router will sound like an old train.
I want to drag this out as long as possible. Bring me my protractor.
Like when TimeLine threatened SQL Server users? Sounds real safe.
If management even knew it had GPL code, I'd imagine lawsuits will only make companies stop using all open source code. They will not bother to research which licenses are "safe". Companies don't want to give away trade secrets and they don't realize GPL software forces them to do so.
MidnightBSD: The BSD for Everyone
Verizon makes heavy use of GPL inhouse from what I can see. Apparently, inhouse, they were told to hold off on GPL in the early days of the sco crap, but now the lawyers say that it is good to go as long as the code is not going out of house. These ppl screwed up.
Nelson Muntz says, "Ha-ha!"
They are handing it out these Actiontec routers with fiber optic service. It has a coaxial port which is WAN/LAN port (different frequencies for each), WAN ethernet port, and a few LAN ethernet ports. The coaxial LAN and cat5 LAN are bridged.
The TV set top boxes get IP addresses on the LAN via their coaxial connections. So these Verizon controlled boxes actually sit on my LAN in the same subnet as my PCs. They start at 192.168.1.100 while the PCs start at 192.168.1.2. Well I pinged then port scanned these Motorola set top boxes, and at least the HDTV DVR model of the box had it's VxWorks debug port left open. Interesting...
With the right tools I could imagine full access to the drive and the running software. So what does it take to work with this VxWorks debug port?
Some people may want to copy recordings out or enable the USB/Firewire to allow more than the 80GB internal storage included, but I am more curious if this untrusted box is doing anything I don't want on my home network. Few have the special equipment to tap these MOCA (multi-media over coax) wires between the router and the STBs, so this debug port might be a good way to check.
I wonder if Verizon is the right place to be looking for the source code?
If the "infringing product" is, indeed, the Actiontec MI424WR, wouldn't the correct place to look be the manufacturer of the hardware and integrator of the firmware, Actiontec?
Looking on Actiontec's "Support: Open Source" website (http://opensource.actiontec.com/index.html), I see the following:
Hmmm... looks like Actiontec is at least attempting to honor the license. I haven't researched what's in the tarball, but at least it's there.
So, again, why is SFLC suing Verizon? I'm sure Verizon would argue that (A) they're just retailing and installing off-the-shelf hardware, and (B) any license liability is the hardware manufacturer's.
BTW: to the 4 anonymous cowards that I upmodded earlier in this article, sorry you lost my moderation bump. I hate wasting modpoints, but this seemed relevant and important.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Is the enforcement of intellectual property rights good or evil on Slashdot today? It's an odd-numbered friday, but it's warm in the southern united states today.
I never did understand what "thrill" people get from doing this. Do you have some valid knowledge? A point? Come on, next you'll be bitching about my english.
P.S. I went to publick skewl and i right ok.
How much is your data worth? Back it up now.
I think I've got something similar here. My router is from German "T-Com" and doesn't come with source code for the firmware or any notice about GPL code packaged. On their website for downloading updated firmware, however, there's GPL'd source code.
So, my question: Doesn't that count as an infringement too? I would have never known about it if I didn't look for updates. They really should put the code on one of their countless CDs filled with manuals and crapware.
Oh, bullshit.
You claim that Verizon, a huge company, which probably employs quite a few lawyers is unaware about the terms under which the code is distributed? Here's a hint: Every piece of software comes with a license. There are much nastier things out there than the GPL, and it'd be outright stupid for a large company to use anything without having a lawyer through the terms.
Now, if this makes them stop using GPL code, that's a perfectly good thing. I for one write GPL code for very good reasons and prefer it not to be used to infringement.
Soon, the *AA will be forced to deal with a strange new concept...competition.
... and yes, these organizations _will_ take on the *AA, and there _will_ be a film at 11!
Soon, they will find that they are not the only ones prosecuting copyright violators...
Soon, they will be struggling to keep ahead of the organizations that prosecute GPL violations!
Please correct me if I got my facts wrong.
They're suing Verizon because Verizon is distributing the hardware boxes (and thus the embedded software).
Verizon could then turn around and sue the hardware manufacturer as well, but they themselves are still liable under coypright law.
Also, the GPL is quite clear as to when you are allowed to post a link to a website, and when you have to ship the actual source with the product.
Looks and smells like a troll... but marked as score: 1! Anyway, you'll get sued if you violated the licensing terms of closed source commercial software, too. So, this story demonstrates nothing of the sort you mention.
A fast cowboy since 2007
I'm just curious, since my eyes glazed over reading the PDF, how they are alleged to have violated the license? It was my understanding (noting my non-lawyer status) that you could distribute non-modified binary versions of GPL'd software all day and only need note that it is unmodified (meaning you can download it from the original authors or mirrors, to get the same software). I thought you only had to make available any modifications to that GPL'd software (a patch, say; which would fall under the same GPL).
If my above assumptions are correct, and they didn't modify the source, couldn't they just put up a static page saying "we use busybox on our routers, download it from over there" and be in compliance?
SFLC is the Software Freedom Law Center. You can think of it as the militant arm of the Free Software Foundation (FSF), though one does not directly control the other. Its founder and main figure is Prof. Eben Moglen, formerly general counsel and board member of the FSF.
Why do you assume the lawyers are looking at everything the programmers or whoever they outsource to is doing? Maybe verizon contracted it to a consulting firm in the US or elsewhere and didn't bother to look at the license?
I can think of a lot of things Verizon's lawyers might be doing including dealing with RIAA lawsuits against their customers. Big companies don't always think. If lawyers checked everything, we would never see patent lawsuits either. Think about it.
MidnightBSD: The BSD for Everyone
Oops, looks like the AC's post was Score: 1 when I looked at it because of my Anonymous Modifier preference setting. Never mind, nobody upvoted it. Slashdot is still safe.
A fast cowboy since 2007
The cost of using proprietary third party software is counted in dollars.
The cost of using custom proprietary software is counted in man/hours.
The cost of using GPL software is counted in lines of code (the ones that changed and you have to distribute).
Honest companies will choose the cheapest solution and pay for it.
Dishonest companies will pirate proprietary software or violate the GPL.
If the router is owned by Verizon, and merely rented or provided for use by customers, then Verizon is not under GPL obligations - regardless of whether it is on customer premises. It is only if Verizon is selling or giving away the routers that they need to meet GPL obligations. The case of DRMed media and devices is weird. While ostensibly a "sale", you can't actually do anything with the product without permission from the maker. Thus Tivo and *AA companies are lying to consumers when they offer to "sell" DRMed media and devices. The media/device is still effectively owned and controlled by the maker. The best way for such companies to avoid GPL 3, stop lying to their customers, and still maintain the desired control, is to call a spade a spade and rent DRMed media and equipment. Call it a "long term rental" if you want. When I go to the theatre, I don't expect to be able to do what I want with their equipment.
so that you
a) know there's GPL code in there
b) what your rights are to that code
because forgetting to put that in is a license violation (and not in the section you slectively quote).
Because the potential consequences can be quite horrible? Infringe on the copyright of somebody like Microsoft or IBM, and things can get very unpleasant, fast. There are many companies with nasty terms out there. Some for example specify you give the company permission to run an audit on you at any time. Possibly at your expense. Some specify in what jurisdiction any issues will be litigated. Those are serious issues, and a sane company just can't leave decisions like that to a programmer on the bottom of the hierarchy.
AFAIK, you can file a lawsuit for any reason. Look at SCO for instance. No proof at all, yet the whole thing managed to stay in court for years. You can bet they talked to lawyers before they filed it.
There are more uses for a lawsuit than the originally intended ones, look at SLAPP lawsuits or SCO.
Also, I'm not sure lawyers are that interested in a lack of lawsuits -- it'd be like an in-house programmer continously pointing to off the shelf products and not doing anything himself. I don't think years spent on giving advice to management and nothing inside the courtroom looks very good on a lawyer's resume.
It seems to me that for a long time, the GPL was viewed by most simply as an ideal, a nominal rationalization for releasing source rather than the license agreement that it actually is. Hopefully with the recent rash of GPL-violation lawsuits, companies will start taking seriously the protections granted by the GPL and the principles of open-source software design that it supports. Nothing like a few court trials to wake people up...
Fear the penguin.
When your balls have dropped, you cretinous little child, turn up in real life and I'll take your sorry life out before you can start pissing in the gene pool.
Actually, no, they wouldn't know. When's the last time engineers and lawyers sat down and talk about that kind of stuff. We don't.
Here's what typically happens:
Engineers design the SW and HW architecture.
Engineers determine what software tools and development packages to use.
Engineer A decides to use GPL'd tools or source code.
Engineer A MAY mention to management GPL use.
Engineering completes project.
Management approves project and MAYBE asks what licenses were used.
Marketing does some magic. Sales does some reading.
At the end lawyers come in to make sure everything is kosher.
IF Engineer A communicated to management and management realized how F*CKED up you'd be since Engineer A (like a dumbass) used GPL'd code, then MAYBE the lawyers would've known.
What happens in cases like this is that the lawyers take the blame although management screwed up by allowing Engineer A to use GPL'd code in the first place.
How do I know? Because when it almost happened with one of the products I worked on. I had enough sense to let my client know that licensing could be an issue. At that point the lawyers knew and they could work from there or even deny my request altogether.
Point is, being a large company doesn't make them anymore guilty, it just makes them more susceptible and visible to GPL infringement if their engineers don't realize how much of a burden it could be if they include it. Also, (please don't strike me down) it's not necessarily the lawyers fault either.
Your penis is miniscule.
There is no other conclusion that can be drawn from your post.
Turn up in real life and I will laugh at your tiny penis.
I'm happy to see this suit being filed against Verizon. They're the same Verizon who patented RFC's and then went after VoIP provider Vonage if you recall.
I hope their FIOS is a complete failure.
With either license, you can negotiate to be able to use under different terms. Now, with a commercial license, the guy might ask you for $10 buck for each box you sell/rent/whatever...With GPL, chances are, the guy might value code freedom above and sort of compensation you deemed reasonable.
Nobody's forcing you to use GPL'd code except perhaps you own realization that it'll cost a lot more to develop and maintain an in-house version of whatever networking tools you are using. Bottom line, don't want to release the code? fine! Just don't use GPL'd software.
The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
Do you have a good example of this? Especially with these routers, last I checked, Linux and all its GPL'd-ness is still huge in the embedded world.
The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
Ok, this is nit-picking, but it comes up every time there's a "GPL violation" in the courts/news. Verizon is not being sued for a "GPL violation". The GPL is NOT an EULA, it is a copyright license. They ONLY have the rights to distribute the GPL'd software in question if they abide by the terms of the GPL. If they are not abiding by the terms of the GPL, they don't have the rights to distribute the software *at all*, and since they continue to distribute it, they are distributing it in violation of copyright. Sure, I don't expect the media to get this right, but at least the Slashdot editors could. The subject should read "Verizon being sued for copyright infringement".
I think all GPL'ed code should be sold at some minimal price, say like 100yen, that way, if the engineer A wanted to use the GPL code, he would have to get someone to purchase it and at that point management perhaps might read the license and even forward it to the lawyers.
- Raynet --> .
Just don't use GPL'd software.
That's what I said. Just don't use GPL software and you will avoid this nonsense. Who wants to have some guy tell them that because they used some of his code they must now reveal trade secrets? Nobody. That is why the GPL going to go the way of the <blink>blink tag</blink>.
Sometimes I think BusyBox was created just so people could bitch about embedded manufacturers.
Don't blame me, I didn't vote for either of them!
Do you actually know what you're talking about, or are you just talking about some web interface?
There is a huge difference between being able to ssh in as root, and having the ability (with a web interface) to "reconfigure anything you want".
Simple example: The NAS we have at work, despite being basically a hard drive in a box with an ethernet port, does allow us to ssh in as root, which lets us use it for things it was not designed for at all -- for example, we could probably run BitTorrent on the box itself.
Compare that to my Linksys router at home, where if it's not on the admin pages, I can't do it. The only way to get more software on there is to upgrade the firmware, and I can't make my own firmware (at least, not for this one, I think).
Now, I understand that some systems are even more locked down -- some really do prevent you from making your own firmware at all, whereas some people have coaxed a custom Linux to run on Linksys routers that weren't designed for it. And some, your ISP basically disallows you from ever changing anything about the router.
But by "user-modifiable", what they are asking is whether we could recompile the Linux source and load new software, a new kernel, etc onto it.
Don't thank God, thank a doctor!
Specifically, is it impossible to do Linksys -> ActionTec -> Set top -> TV?
Or maybe some Linux box which fools the router into thinking it's on the Internet, if it won't work behind a NAT.
Don't thank God, thank a doctor!
Busybox is a userspace application isn't it? If I for example, included "gzip" on a CD with my installer, wouldn't I only have to distribute the source to gzip and not my application as well?
I don't see that Verizon would have to release the code to their router, just the portions that are gpl'ed (hint: gpl doesn't move from user space applications to others, only libraries that statically link).
This whole thing seems silly. The source code for Busybox, and all of the utilities that can be integrated into it, is already readily available. So, what is Verizon supposedly "withholding?" (Never mind the fact that the GPL, because it constitutes a "contract to make a contract," is invalid.)
I put my own router in place of the crappy Actiontec one for my FIOS Internet. However, they are saying they *require* their router if I want to use FIOS TV. No sale. Unfortunately that means I'll be sticking with Comcast for my TV.
Verizon does not use Linux as a favor to the people who created it. Those people allow Verizon to use Linux as a favour as long as Verizon share's its code. Unless for some reason you think that Verizon is good for humanity, you will see that stopping them from using open source is a benefit. Open source software allows them to do their business more cheaply than otherwise and be competitive against other businesses which use open source. If they switch to using only proprietary software their costs will increase and their ability to do things will decrease. This will open up more space for another competitor which does follow the GPL license to take over their business.
There are lots of other big companies who do check all their licenses and follow them to the letter. It's much more beneficial to replace Verizon with one of these companies than it is to encourage them to use the software even against it's license.
Thanks for proving my point:
You said "AFAIK, you can file a lawsuit for any reason. Look at SCO for instance. No proof at all, yet the whole thing managed to stay in court for years. You can bet they talked to lawyers before they filed it."
Thus the legal teams at big companies are busy fighting "random" lawsuits.
MidnightBSD: The BSD for Everyone
If you think that the business world is fleeing the "viral GPL", then why is Apple shipping every single Macintosh, and every single copy of Leopard, together with the gcc compiler suite?
The business world has no fear of GPL. The GPL is a license. If a business wants to use someone else's copyrighted code, then they check the license, and the cost, and decide whether the license and the cost are acceptable or not. Some companies will decide that using code licensed under GPL is not suitable to them. Microsoft would never add GPL'd code to Microsoft Office. Not because they are afraid of the GPL, but because they understand it and find the license terms unacceptable.
false, companies have lawyers that research ALL licenses in use or being considered for use. The GPL version 2 is very easy to understand compared to other licenses that go on for pages. And discovered violations of GPL have been for very obvious reasons, not some obscure violation of "section 5 paragraph 20 sentence 3" of some mountain of paper.
Of course, making the code available is important to the GPL. It allows other competitors to use Actiontec's enhancements.
However, the question is: why is this Verizon's problem? If a musical artist is found guilty of copyright infringement in using a sample, does this mean that the music retailers are liable for contributory infringement simply because they don't immediately pull all the copies from the shelves when they learn of the problem?
It seems to me that it does us all very few favors to go after Verizon in this matter. We complain about the issues of patent infringement and how much uncertainty that creates relating to software development. Now it seems that there are people who are trying to do the same with copyright. I see this as very troubling because this could easily hurt us (the FOSS community) as much as anyone else.
LedgerSMB: Open source Accounting/ERP
The issue I see with this is that we all know that there is not a piece of software out there that is safe from patent scrutiny, except perhaps the most basic Hello World application (and even there, the compiler or interpreter, runtime libraries, etc?). In short if people throw enough effort and money at it, one can make any software vendor, developer, or user pay.
It seems in this case that going after Verizon is like going after a second-hand music store because they are reselling albums that were previously judged to be infringing on a third party's copyright. This makes any sort of distribution and development very risky, whether commercial or open source, and it makes copyrights in general as dangerous to software development as patents are today.
LedgerSMB: Open source Accounting/ERP
If I buy a copy of Microsoft Windows Vista and resell it, I do *not* need a copyright license to do that. And the EULA is unenforcible at that point (there was a case involving Adobe which showed this).
This is a suit simply aimed to get a settlement from Verizon. I would actually be happier if they fought this one.
BTW, I make my living developing open source software, and I am very sympathetic to Busybox, but I do *not* think this gives them the moral right to sue up and down the chain. We complain about this sort of thing with regard to patents. We should not do the same thing with regard to copyrights.
The suit should be limited to ActionTec. What is next? Suing Radio Shack because they might sell some routers which infringe on GPL code?
LedgerSMB: Open source Accounting/ERP
Would Verizon ask Microsoft for copyright licenses for all third party technology licensed by Microsoft and included in each of their products that they use? For example, agreements with Sybase relating to SQL Server....
Yeah, right.....
THis is just an attempt to get the big guys to settle rather than limiting one's actions to the real culprits....
LedgerSMB: Open source Accounting/ERP
You can buy Linux systems at Walmart, does this make Walmart a party to the GPL? Under what theory of copyright law?
Next, we shall sue Walmart for not offering coupons for the source code to all people who buy products they merely distribute.
LedgerSMB: Open source Accounting/ERP
but i do know that westell's ultraline 3 runs linux and i can't find sources on their website for it
and westell is a major cpe provider for verizon
I'm sick of complaining about companies blatantly not caring whats even in an open-source GPL. I've lost many jobs because I wouldn't break the agreement or violate the law. RockBand the game's community portal was the latest nightmare scenario I've had... where the project manager admitted she didn't know or care if editing the Drupal code base was legal. (and didn't even have me sign an NDA)