Verizon Being Sued for GPL Infringement

darthcamaro writes "According to the SFLC, Verizon can be added to the list of companies infringing on the GPL. They filed a lawsuit in New York yesterday (pdf) alleging that the company is handing out routers using the GPL'd software 'BusyBox' without accompanying source code. Today the SFLC spoke to the media to lay out its case: 'The legal action against Verizon come as the fourth action that the SFLC has undertaken this year on behalf of BusyBox on GPL issues. The GPL is a reciprocal license that requires users of GPL-protected technology to make their source code available to end-users. To date, the SFLC has settled with one defendant out of court. Two actions, facing Xterasys Corporation and High-Gain Antennas, are ongoing and Ravicher said he's optimistic about negotiations resulting in a resolution with each.'"

Is the router user-modifiable?

[Ed+Avis]

Do the users have admin rights on the router to install a new version of busybox? If not, sending them the source code seems like a pointless formality, like a map to a country you are forbidden from visiting.

Re:Is the router user-modifiable?

[morgan_greywolf]

Hmmm...you bring up an interesting point. If busybox were GPL 3, would Verizon then be forced to give users admin rights to the router?

Re:Is the router user-modifiable?

[LiquidCoooled]

Sounds like the archos 605.
It apparantly runs Linux but uses executables signed with their private key and people haven't yet cracked it open.

Shame really because they are nice.

Re:Is the router user-modifiable?

[micheas]

You can do tftp firmware upgrades to the router much like the Linux based Linksys boxes.

The uses I can foresee is modifying the ipstack and modifying snmp of the router. I am sure more creative minds than mine can come up with much more useful ideas.

Re:Is the router user-modifiable?

Bullshit. Their users can't install new versions on the box, but other developers can look for changes they've made, and possibly incorporate them into their own code. You could create a replica of the hardware, and install their code on it. You can find and point out security vulnerabilities. There's plenty of reasons you'd want the source, without being able to modify the code running on the box itself.

Re:Is the router user-modifiable?

[itsdapead]

sending them the source code seems like a pointless formality

(a) They don't actually have to include the source code with every router - just a written offer to supply the source code on demand. (I assume that the references to "including the source code" are journalistic imprecision or its gonna be a very short lawsuit).

(b) Users may also be developers who wish study the source code or to use or modify the software in other systems - as is their right under the GPL.

Anyway, most such products ship with a CD for plug-n-drool installation so how hard can it be to include a few source files?

Re:Is the router user-modifiable?

[Ed+Avis]

Agreed, but most of that doesn't help the users (who could download busybox sources from the net anyway). I'm just wondering what the point is to this legal action - if there is some wrong to be righted, or if they're just enforcing compliance because they can. I doubt that Verizon or the hardware manufacturer have made any enhancements to busybox.

Re:Is the router user-modifiable?

[pfleming]

Well, if you had RTFA (but this is /.) you would have seen that they state Verizon is distributing the binary from their web site. That nullifies any, "we're only renting the router" arguments. They are distributing binary. They have to distribute the source too.

Re:Is the router user-modifiable?

[homer_ca]

It's not locked down. Verizon gave me an Actiontec router free with FIOS service. You get the password, and you can reconfigure anything you want. You don't need to change anything, since the installer will get it working with your wireless laptop if you need the help (default setup is 64bit WEP). You can also use your own router, but if you get FIOS TV, you'll have to use the Actiontec because it has a coax out for the TV set-top box. I tossed it in the closet because wireless performance sucked. Not sure if it was WPA or incompatibility with the wireless client, but it barely worked in the same room.

They've got bigger problems - router is P.O.S.

[kannibal_klown]

The router in question is the ActionTec MI424WR. It's very pretty, and the web admin page is quite intuitive.

Unfortunately it has a MAJOR flaw. They're giving it out to their FIOS customers now, and the router shuts down when it gets hit too many times. This happens when using a Torrent, but also when refreshing STEAM server lists!

It's quite annoying, and since it's used by the TV set-top-boxes in the house it's kind of necessary. It's a shame, my 20Mbit connection can't handle Steam.

The problem was found a while back (when the casing wasn't as pretty about a year ago) but still no fix. I believe it has to do with a small NAT table.

Re:They've got bigger problems - router is P.O.S.

[darkmeridian]

Do you think a new firmware issued by OSS source code hackers can address the problem? I mean, Verizon should be jumping on this possibility of reducing costs.

Re:Infringed on the GPL?

Well, given that they are using the code one must assume that they have accepted the GPL or they would have no rights to it at all, so the failure to release source can be seen as a failure to comply with the license. They can of course argue that they never accepted the GPL at which point it's a plain copyright violation.

They don't really have to bundle the code with the units though. Just hand it over on request from a user. The article wasn't to clear on that. But I expect SFLC tried to ask them for it before it came to this.

I have this router

[EMIce]

They are handing it out these Actiontec routers with fiber optic service. It has a coaxial port which is WAN/LAN port (different frequencies for each), WAN ethernet port, and a few LAN ethernet ports. The coaxial LAN and cat5 LAN are bridged.

The TV set top boxes get IP addresses on the LAN via their coaxial connections. So these Verizon controlled boxes actually sit on my LAN in the same subnet as my PCs. They start at 192.168.1.100 while the PCs start at 192.168.1.2. Well I pinged then port scanned these Motorola set top boxes, and at least the HDTV DVR model of the box had it's VxWorks debug port left open. Interesting...

With the right tools I could imagine full access to the drive and the running software. So what does it take to work with this VxWorks debug port?

Some people may want to copy recordings out or enable the USB/Firewire to allow more than the 80GB internal storage included, but I am more curious if this untrusted box is doing anything I don't want on my home network. Few have the special equipment to tap these MOCA (multi-media over coax) wires between the router and the STBs, so this debug port might be a good way to check.

Uh-oh...

[idontgno]

I wonder if Verizon is the right place to be looking for the source code?

If the "infringing product" is, indeed, the Actiontec MI424WR, wouldn't the correct place to look be the manufacturer of the hardware and integrator of the firmware, Actiontec?

Looking on Actiontec's "Support: Open Source" website (http://opensource.actiontec.com/index.html), I see the following:

GPL Code Download is available for the following Actiontec products: Wireless Broadband Router Model MI424WR

The following is the portion of the Actiontec source code for the MI424WR Products.

List of modules:

busybox-0.50
Release Date Filename
11/27/2007 actiontec_opensrc_mi424wr.tar.gz

Hmmm... looks like Actiontec is at least attempting to honor the license. I haven't researched what's in the tarball, but at least it's there.

So, again, why is SFLC suing Verizon? I'm sure Verizon would argue that (A) they're just retailing and installing off-the-shelf hardware, and (B) any license liability is the hardware manufacturer's.

BTW: to the 4 anonymous cowards that I upmodded earlier in this article, sorry you lost my moderation bump. I hate wasting modpoints, but this seemed relevant and important.

Re:Uh-oh...

[strredwolf]

Verizon modded the firmware to at least display the Verizon logo on the router's admin pages. They usually supply the modded firmware themselves, so it's not Actiontec who's at fault (they are in GPL compliance). It's Verizon (with the modded firmware).

Re:Uh-oh...

[idontgno]

Now that's the answer which makes the most sense. If it's not stock firmware, and the altered firmware is in the scope of the original open source (i.e., not just simple aggregation), then yes, Verizon is obligated to honor source redistribution requirements.

But remember: not everything in the firmware image is necessarily open source. (Again, the "simple aggregation" criterion.) Therefore, not everything would trigger an obligation to share source.

TFA is a fine piece of press-releasemanship, but awfully light on technical goodness. Does anyone know of any in-depth analysis of the nature of the alleged infringement?

ObDisclaimer: IANAL, but ya gotta admit I can fake it pretty well.

Re:Uh-oh...

[mctk]

Seeing as you just gave us your opinion for free, I must point out that you don't fake it very well.

Re:Business World Fleeing The Viral GPL

[DaleGlass]

Oh, bullshit.

You claim that Verizon, a huge company, which probably employs quite a few lawyers is unaware about the terms under which the code is distributed? Here's a hint: Every piece of software comes with a license. There are much nastier things out there than the GPL, and it'd be outright stupid for a large company to use anything without having a lawyer through the terms.

Now, if this makes them stop using GPL code, that's a perfectly good thing. I for one write GPL code for very good reasons and prefer it not to be used to infringement.

Competition

[RAMMS+EIN]

Soon, the *AA will be forced to deal with a strange new concept...competition.

Soon, they will find that they are not the only ones prosecuting copyright violators...

Soon, they will be struggling to keep ahead of the organizations that prosecute GPL violations! ... and yes, these organizations _will_ take on the *AA, and there _will_ be a film at 11!

Verizon is distributing the software

[Chirs]

They're suing Verizon because Verizon is distributing the hardware boxes (and thus the embedded software).

Verizon could then turn around and sue the hardware manufacturer as well, but they themselves are still liable under coypright law.

Also, the GPL is quite clear as to when you are allowed to post a link to a website, and when you have to ship the actual source with the product.

Re:Verizon is distributing the software

[idontgno]

They're suing Verizon because Verizon is distributing the hardware boxes (and thus the embedded software).
Verizon could then turn around and sue the hardware manufacturer as well, but they themselves are still liable under coypright law.

I'm not sure if I buy that. At least, I don't think it's that simple. If I sell hardware with GPL firmware, and I don't do firmware support myself, I can't imagine that simply retailing the hardware incurs any kind of source code requirement.

I'm not considering whether Verizon can be sued--anybody can be sued for anything or nothing. I'm wondering whether Verizon should be sued. Whether Verizon is the right target.

Of course, those bets are off if they tailor the firmware themselves. See a comment later in the thread about that.

Also, the GPL is quite clear as to when you are allowed to post a link to a website, and when you have to ship the actual source with the product.

Really? I can't find it. Here are the conditions in the relevant version of the GPL, quoted directly from the Exhibit attached to SFLC's filing in this case:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

3 distinct "or" clauses. The "link to a website" case is "b)", where the "ship the actual source" is "a)". Neither has any kind of enforced conditions. So I can't see what you're talking about. Please, enlighten me.

No, I'm sure the real crux of the case is not that Verizon is a big evil corp making megabux fighting network neutrality while stealing Free Software's precious bodily fluids; I'd be willing to be there's actually a sane and reasonable cause of action, like Verizon is modifying Busybox beyond what Actiontec did and not sharing its mods like Actiontec did.

Re:Verizon is distributing the software

[bug1]

"Pfft. Which part of "integrated" didn't you understand?"

The part that means "get out of jail free"

SFLC

[l2718]

SFLC is the Software Freedom Law Center. You can think of it as the militant arm of the Free Software Foundation (FSF), though one does not directly control the other. Its founder and main figure is Prof. Eben Moglen, formerly general counsel and board member of the FSF.

Re:How did they infringe?

[Rene+S.+Hollan]

That exemption is only available for non-commercial distribution.

Re:Replica of the hardware?

[sumdumass]

Depends on how you create it. If you purchased the chips, then presumably your patent obligations concerning them would be covered. If you purchased the radios pre-configured and so on, it could be the same. Think of it more like building a PC and selling it. You aren't actually building it as much as assembling it.

Now, according to the FCC and radio frequencies. If you purchased the radio broad/chip and antenna from the same manufacture, they might have already had it certified. If they haven't, then you can do this too. There are several companies that can help with it. Personally, I would attempt to get one already certified and then change out the antenna to something with a little more gain and act like nothing ever happened.

Is the router sold or rented?

[CustomDesigned]

If the router is owned by Verizon, and merely rented or provided for use by customers, then Verizon is not under GPL obligations - regardless of whether it is on customer premises. It is only if Verizon is selling or giving away the routers that they need to meet GPL obligations. The case of DRMed media and devices is weird. While ostensibly a "sale", you can't actually do anything with the product without permission from the maker. Thus Tivo and *AA companies are lying to consumers when they offer to "sell" DRMed media and devices. The media/device is still effectively owned and controlled by the maker. The best way for such companies to avoid GPL 3, stop lying to their customers, and still maintain the desired control, is to call a spade a spade and rent DRMed media and equipment. Call it a "long term rental" if you want. When I go to the theatre, I don't expect to be able to do what I want with their equipment.

Re:How did they infringe?

[roscivs]

That exemption is only available for non-commercial distribution.

Wow, that is ridiculously wrong. At least if we're talking about GPLv2, there's no difference between commercial and non-commercial distribution.

The fact of the matter is that if you're distributing GPL'd code in a manner that would violate copyright if no license were given (e.g. copying it), then you must distribute the source code (either directly or via a written offer).

Of course, if you're not distributing GPL'd code in a manner that would otherwise violate copyright (e.g. you don't make copies of it yourself, you buy devices with the GPL'd code already in place), then you don't have to do anything. TFA doesn't make it clear whether this is in fact the case with Verizon.