5

SFC files suit against Vizio over GPL violations

 3 years ago
source link: https://lwn.net/Articles/873338/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

SFC files suit against Vizio over GPL violations

[Posted October 19, 2021 by jake]
Software Freedom Conservancy has announced that it filed suit against TV maker Vizio over "repeated failures to fulfill even the basic requirements of the General Public License (GPL)". The organization raised the problems with Vizio in August 2018, but the company stopped responding in January 2020, according to the announcement.

"We are asking the court to require Vizio to make good on its obligations under copyleft compliance requirements," says [Software Freedom Conservancy executive director Karen] Sandler. She explains that in past litigation, the plaintiffs have always been copyright holders of the specific GPL code. In this case, Software Freedom Conservancy hopes to demonstrate that it's not just the copyright holders, but also the receivers of the licensed code who are entitled to rights.

The lawsuit suit seeks no monetary damages, but instead seeks access to the technical information that the copyleft licenses require Vizio to provide to all customers who purchase its TVs (specifically, the plaintiff is asking for the technical information via "specific performance" rather than "damages").

The complaint is also available.

(Log in to post comments)

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 18:39 UTC (Tue) by ldearquer (subscriber, #137451) [Link]

> Software Freedom Conservancy, a nonprofit organization focused on ethical technology, is filing the lawsuit as the purchaser of a product which has copylefted code

This is good. If users have to expect a copyright holder action, and if copyright holders have to do all this legal stuff, GPL becomes quite unenforceable.

I think the lawsuit adduces breach of contract. Hopefully the court does not rule based on some accesory fact (like some recent famous case), and addresses the bottom of it. I guess it won't be an easy one...

As a user who has been in this case too many times, thanks to everyone at SFC!

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 19:13 UTC (Tue) by fratti (subscriber, #105722) [Link]

A win here could be very good for the ARM ecosystem, and give me a lot more weekend projects of questionably written vendor device drivers to clean up and submit upstream.

On the other hand, I've had arguments with people who claimed GPL enforcement will ultimately weaken free software adoption as vendors will increasingly switch to proprietary software instead. This claim was based on the WRT54GL case, apparently, but upon reading up on it, it seems like the outcome of that case was exactly the opposite of what the claim would be: the router continued to sell even 11 years after it was introduced, thanks to its open firmware ecosystem, benefiting both Linksys and the customers.

(Also, honestly, what's the point of making companies use Linux if I don't get the ability to make it run mainline Linux?)

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 19:29 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

Linksys did end up transitioning the WRT54G (not the L) to vxworks and away from Linux, but that was accompanied by reducing the amount of RAM and flash on the board as well. On the other hand, pretty much the entire modern router market is Linux based, so it doesn't seem like enforcement inhibited Linux adoption.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 1:49 UTC (Wed) by WolfWings (subscriber, #56790) [Link]

That was less to avoid Linux and more they were reducing the cost of the router by cutting the RAM/Flash sizes significantly, and those smaller sizes were too small to squeeze Linux with the interface codebase they were running at the time. They released the "GL" line at the same literal time with the original larger RAM/Flash sizes, but a higher price point.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 20:32 UTC (Tue) by dvdeug (subscriber, #10998) [Link]

If I were building these things, I'd go with BSD, unless I could concretely show that the cost of dealing with the GPL was worth the difference of Linux. (Or VxWorks, as mentioned below, again, after a proper cost-benefit analysis.) As a sometimes free software developer, what's the value in using the GPL if people are going to use the software as if it were under the MIT license anyway? I'd say the GPL hurts free software more than helps it if it causes fights about KDE* and SSL, but proprietary developers just use it as if it were restrictionless anyway.

* Hopefully the fights are long dead, but I've been here a long time.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 21:01 UTC (Tue) by pizza (subscriber, #46) [Link]

> If I were building these things, I'd go with BSD, unless I could concretely show that the cost of dealing with the GPL was worth the difference of Linux.

Given that the choice is between "take a mostly-complete reference design & BSP built using Linux and tweak it a little" vs "build everything from scratch on something else" (which will take a non-trivial amount of money, and more importantly, time-to-market) I'd say there's a pretty significant difference.

FFS, basic GPL compliance is ludicrously cheap and easy, especially compared to the other licensing & compliance costs they have to incur by virtue of shipping MPEG-LA codecs, for example. Plus all the other proprietary crap that has nearly always required auditable-at-any-time accounting of software BoMs.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 8:29 UTC (Wed) by oldtomas (guest, #72579) [Link]

"...the cost of dealing with the GPL"

Nice obscure insinuation you have there.

Which "cost", pray, are you alluding to? Here, I must agree with pizza: the costs are derisory.

I call out the customary anti-copyleft FUD on that one, sir.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 8:51 UTC (Wed) by mjg59 (subscriber, #23239) [Link]

There's a pretty clear cost of dealing with the GPL. You need to either host downloads, ship source with your binaries, or have a process for dealing with requests. And to do that, you need to have a development and build process that allows you to identify which source needs to be shipped and package it appropriately.

There's a real cost here. I'll happily agree that it's outweighed by the benefits that using Linux brings vendors, and that in the long run having infrastructure that does the right thing is probably going to be better in a bunch of other ways as well. But using BSD would avoid all of that, and so copyleft software needs to continue to demonstrate that its benefits outweigh those costs.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 10:17 UTC (Wed) by dvdeug (subscriber, #10998) [Link]

I didn't respond to pizza because I didn't have anything to say to them; there are distinct costs of other options. But you are getting hostile and unfair.

I dot my i's and cross my t's on licenses, and it boils my blood sometimes to see other people who don't. I can't tell you how many time people have failed to followed a simple CC-BY license correctly. The GPL-2 requires, by my understanding, that if you ship the Linux kernel, you have to ship your particular configuration code to build your specific kernel, not just generic kernel source. Every time you ship a binary patch, you have to update your source code availability to include the version of the kernel you used for that patch and the configuration code you used. The GPL-2 gives no exception to shipping all source code or providing a written offer, except for non-commercial distribution; in theory, even if you're basing it on a particular version of Debian or Red Hat, you still need to provide source in lieu of pointing to their source repositories. (That is likely to be a difference between doing it right and doing it good enough.)

In any case, the GPL 2 is going to require, for every binary patch, that you have a system for making sure you're posting correct source along with it. That's an real cost.

I also see a difference here between FSF copyright assignments and Linux's lack thereof. For all the FSF copyright assignments are a pain, as a company, I would know who they are, and I would know how they work, and if there's some license requirement we were having problems with, I'd expect a polite note from them to start. If we were honest about trying to comply, I wouldn't be worried the FSF was going to sue us. With Linux, you can get sued in random jurisdictions by copyright holders with distinct interpretations of the license and distinct tolerances for (possibly debatable) deviations from that.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 11:26 UTC (Wed) by joib (subscriber, #8541) [Link]

> On the other hand, I've had arguments with people who claimed GPL enforcement will ultimately weaken free software adoption as vendors will increasingly switch to proprietary software instead. This claim was based on the WRT54GL case, apparently, but upon reading up on it, it seems like the outcome of that case was exactly the opposite of what the claim would be: the router continued to sell even 11 years after it was introduced, thanks to its open firmware ecosystem, benefiting both Linksys and the customers.

Yet on the other hand (or are we counting on feet already?) couldn't one argue that the WRT54 lawsuit kickstarted the DD-WRT and later openwrt projects, of which it appears at least a lightly skinned openwrt is the router OS of choice of many vendors? So Linksys may or may not have benefited in the end, but the entire ecosystem as a whole certainly did.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 20:00 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

There were router-focused distributions even before WRT. The novelty of WRT was that it was very lightweight, so it could work on devices with few megabytes of flash and still provide a Web-based UI.

The other advantage was hardware. Back then embedded Linux was a radioactive wasteland with barely-supported vendor kernels that hard-coded all the devices. But you couldn't get them anyway, because development kits often cost $$$$ if they were available at all. Linksys devices provided probably the first readily-available platform for ARM experiments.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 20:28 UTC (Wed) by joib (subscriber, #8541) [Link]

> Linksys devices provided probably the first readily-available platform for ARM experiments.

They did? I recall the WRT54G I had back in the day was MIPS, as was the follow-up 802.11n ath9k router I got. Current one is ARM, though.

SFC files suit against Vizio over GPL violations

Posted Oct 21, 2021 3:00 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Sorry, meant to write MIPS. You're right, the early BCM-based devices were all MIPS32.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 21:21 UTC (Tue) by scientes (guest, #83068) [Link]

A good example of how to obey the GPL is Roku:

https://www.roku.com/separatelylicensedcode

(Although just spending a few minutes there I noticed that ARM's Mali GPU driver claims to be GPL.)

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 21:50 UTC (Tue) by farnz (subscriber, #17727) [Link]

For me, your link redirects to https://www.roku.com/en-gb/separatelylicensedcode which is a 404 "Uh oh, looks like you are lost" page. I'm not sure that's a good example of how to obey the GPL…

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 21:58 UTC (Tue) by rahulsundaram (subscriber, #21946) [Link]

> For me, your link redirects to https://www.roku.com/en-gb/separatelylicensedcode which is a 404 "Uh oh, looks like you are lost" page. I'm not sure that's a good example of how to obey the GPL…

That works fine for me and has a link to the license terms and the source code in

https://roku.app.box.com/v/RokuOpenSourceSoftware

A git repo with any patches split up in a separate branch would be even better but this is a step above many other vendors.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 22:02 UTC (Tue) by farnz (subscriber, #17727) [Link]

So it's either because I'm a logged in user (I used to own a Roku stick, and I'm still logged in on their system as a result), or because I'm not in the US, so they don't think GPL needs to apply to me.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 23:06 UTC (Tue) by dskoll (subscriber, #1630) [Link]

Mine leads to https://www.roku.com/en-ca/separatelylicensedcode which is also a 404. But if I explicitly change it to en-us, then it works for me. The actual code is hosted on Box.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 0:41 UTC (Wed) by scientes (guest, #83068) [Link]

No, it is just that they didn't see a commercial reason to translate that page, and didn't tell the webmaster that.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 2:44 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

Strictly speaking, the GPL just says you have to provide the source code. There's no "and also you must provide a nicely-localized web page in every language which you otherwise support" provision (indeed, you're technically not even required to provide source over HTTP(S) at all, as long as source can be reasonably obtained). Assuming that their documentation (or manual, or whatever they put in the box with the stick) actually points to a URL that works, even if it's not the URL that search engines find,* English-only is not a GPL violation.

Would it be better if they included non-English translations? Of course! But they're not legally required to do so, and (good-quality) translation isn't exactly free.

* Another commenter has indicated that you can stick en-us into the middle of the URL to make it work for everyone. Being a USAian myself, I am not in a position to test this assertion.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 6:48 UTC (Wed) by madhatter (subscriber, #4665) [Link]

The issue isn't that they're not translating their page to all possible licences, which I agree they are not required to do, but that when many people follow the link to the sources they are simply told the sources don't exist on the site. The site's decision about whether the user gets the working page is based on a browser setting that the user is never informed about; only experimentation by LWN readers has turned the real link up.

I'd be quite surprised if that were held to constitute "equivalent access to the Corresponding Source in the same way through the same place". It would be better if they linked to the actual place where the sources are, instead of forcing everyone through an undocumented LANG-based adventure.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 7:22 UTC (Wed) by idrys (subscriber, #4347) [Link]

> The issue isn't that they're not translating their page to all possible licences, which I agree they are not required to do, but that when many people follow the link to the sources they are simply told the sources don't exist on the site. The site's decision about whether the user gets the working page is based on a browser setting that the user is never informed about; only experimentation by LWN readers has turned the real link up.

It's even worse: It drops me to the de-de page simply because I'm in Germany, even though I set en-us as my preferred content language; this persists even if I remove de-de from my list of preferred content languages. So it seems the redirection is location-based, unless you know to explicitly put en-us there; i.e. if I'm not in the US, I need to know about the en-us link, or I might think they don't provide the source code at all.

I believe this is rather incompetence than malice, though. One out of a long list of websites that insist to use the main language of the place you access it from, rather than one of your preferred languages.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 18:35 UTC (Wed) by JanC_ (subscriber, #34940) [Link]

This also means people who are travelling often get denied help/support because they get redirected to some page they can’t understand…

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 18:03 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

I was tacitly assuming that they put the en-us link in their documentation, and the no-language link only exists at all by accident (but search engines prefer the no-language link, because they assume it's the canonical version, or because the site has incorrectly annotated it as canonical). If that's not the case, then maybe they are in violation (I'm no lawyer), but it's a relatively small violation in the grand scheme of things.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 18:04 UTC (Wed) by farnz (subscriber, #17727) [Link]

The documentation with my Roku stick (including the onboard help) all uses the no-language link.

Mali + GPL

Posted Oct 19, 2021 22:22 UTC (Tue) by bnorris (subscriber, #92090) [Link]

> (Although just spending a few minutes there I noticed that ARM's Mali GPU driver claims to be GPL.)

Isn't it, though? The kernel driver bits are GPL (as they should be) [1].

Perhaps you're thinking about the *user space* portion of the driver, which indeed is not GPL. And that's the reason ARM's driver was never a candidate for inclusion in mainline Linux.

[1] e.g., for Chromium OS:
https://chromium.googlesource.com/chromiumos/third_party/...

Or for the Roku stuff:
OSS-NowTV_SmartStick > licenses > kernel-module-mali - generic_GPLv2:
https://roku.app.box.com/v/RokuOpenSourceSoftware/folder/...

OSS-NowTV_SmartStick > sources > kernel-module-mali-1.0-9999999 - kernel-module-mali.tar.gz:
https://roku.app.box.com/v/RokuOpenSourceSoftware/folder/...

Mali + GPL

Posted Oct 20, 2021 0:44 UTC (Wed) by scientes (guest, #83068) [Link]

But those pieces of code are completely dependent on and derivative of code from the same company for which the preferred form of modification is not available.

Mali + GPL

Posted Oct 20, 2021 0:57 UTC (Wed) by pabs (subscriber, #43278) [Link]

Now that the reverse engineered support for Mali is in mainline mesa, ARM's proprietary drivers are mostly irrelevant.

Mali + GPL

Posted Oct 20, 2021 4:12 UTC (Wed) by bnorris (subscriber, #92090) [Link]

That may be, but that doesn't affect the topic in question, which is whether Roku (or Vizio) is satisfying their GPL obligations and documenting licenses appropriately. No one is actually shipping Panfrost in products, at least not yet.

Mali + GPL

Posted Oct 20, 2021 11:25 UTC (Wed) by scientes (guest, #83068) [Link]

I am not attacking downstream users of the Mali driver. They are doing what is common (although it creates lots of work and madness for everyone involved—externalities to ARM), and should not be persecuted.

SFC files suit against Vizio over GPL violations

Posted Oct 19, 2021 23:10 UTC (Tue) by dskoll (subscriber, #1630) [Link]

Interesting timing! The lawsuit was only filed today, but I'm sure the CTO could see it coming. That sounds like skating rather close to insider trading.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 0:48 UTC (Wed) by scientes (guest, #83068) [Link]

> That sounds like skating rather close to insider trading.

If you multiple the stock price of Twitter by the number of stocks in circulation you end up with numbers that are bigger than countries, so talk of "insider trading" is just royal-blue-blood courtship gossip.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 2:53 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

The SEC filing contains the following rather interesting text:

> The option exercises and sales reported in this Form 4 were effected pursuant to Rule 10b5-1 trading plans adopted by the Reporting Person on May 28, 2021.

Translated into English:

> On May 28, 2021, I wrote down a detailed plan of how and when my stocks would be sold, and gave it to my broker. These sales were made automatically by following that plan. The SEC has decided that this does not constitute insider trading, because I did not have control over the timing of this sale.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 3:44 UTC (Wed) by jebba (✭ supporter ✭, #4439) [Link]

> Rule 10b5-1
> "The SEC has decided that this does not constitute insider trading, because I did not have control over the timing of this sale."

Rule 10b5-1 isn't a get out of jail free card that exempts one from insider trading, sorry (cf. Nacchio Qwest case).

Vizio was aware of the potential issue back when they did initial filings at the beginning of the year. See their initial SEC Form S-1 Registration Statement filed March 1, 2021[1]. Such as page 55:

> "Some of our consumer devices contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business."

So they knew it is an issue in general, but they didn't disclose that they have known issues that had already been raised by the SFC.

[1] https://d18rn0p25nwr6d.cloudfront.net/CIK-0001835591/cecc...

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 4:43 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

> Rule 10b5-1 isn't a get out of jail free card that exempts one from insider trading, sorry (cf. Nacchio Qwest case).

Sorry, you're right, I should have clarified that I was speaking in more general terms (i.e. "this *usually* does not constitute insider trading, because...").

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 5:06 UTC (Wed) by nickodell (subscriber, #125165) [Link]

> Rule 10b5-1 isn't a get out of jail free card that exempts one from insider trading, sorry (cf. Nacchio Qwest case).

I don't think the Nacchio Qwest case is comparable. Joseph Nacchio was a CEO who lied about whether his company was going to land an important contract. He was in possession of material information (specifically, that he was lying) and traded on that information.

Here, the most you could argue is that the legal risk from misuse of open source software wasn't clearly disclosed in their S-1, or that the threat is more immediate than the disclosure implies. Given that the SFC lawsuit seeks no damages, and that Vizio's competitors are clearly capable of operating while disclosing modifications to open-source libraries, it seems hard to argue that the company is in much danger.

I agree in general that rule 10b5-1 does not protect an executive against charges that they traded on the basis of material nonpublic information if they learned that information prior to creating the trade plan.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 6:32 UTC (Wed) by NYKevin (subscriber, #129325) [Link]

To my mind, that S-1 language reads like a very boilerplate "we use FOSS" disclosure. It is worded as a hypothetical ("any failure to comply [...] could negatively affect our business") rather than a more concrete statement such as "we're in violation, we know we're in violation, and we're blindly hoping that nobody sues us for it." Companies put all sorts of hypotheticals in their SEC disclosures all the time. The whole point of such disclosures is to provide tons of speculative "here's how our business might fail" language, so that investors can make their own assessments about the plausibility and risk of each hypothetical.

Pick any big American company you like, and put "[company name] 10-k" into your favorite search engine. Then click on the top result and scroll to the "risk factors" section. You'll see lots of conditional statements like "our business depends on [X], and if [something goes wrong with X] then [we will have a problem]." Statements of this form do *not* imply that anyone thinks X is actually a problem, just that it hypothetically could become a problem.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 15:10 UTC (Wed) by jebba (✭ supporter ✭, #4439) [Link]

> misuse of open source software

Also known as software piracy. If that is true, then they committed more criminal offenses too.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 15:39 UTC (Wed) by rahulsundaram (subscriber, #21946) [Link]

> Also known as software piracy.

https://www.gnu.org/philosophy/why-free.en.html

"Owners use smear words such as “piracy” and “theft,” as well as expert terminology such as “intellectual property” and “damage,” to suggest a certain line of thinking to the public—a simplistic analogy between programs and physical objects."

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 15:48 UTC (Wed) by jebba (✭ supporter ✭, #4439) [Link]

> misuse of open source software

Perhaps violating 17 U.S. Code § 501.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 8:41 UTC (Wed) by jamesh (guest, #1159) [Link]

The complaint involves some interesting language. It asserts that Vizio is relying on the GPL to distribute the software on the TV without providing any evidence of this. So Vizio could potentially shut down the lawsuit very quickly by asserting that they aren't relying on the GPL, and the customer has no standing to request source code or any of the other remedies they seek.

However, if they do that then it makes a developer-side law suit far easier. Rather than having to convince the court that the manufacturer's behaviour doesn't conform to the terms of the license, they can go straight to the fact that the manufacturer had no other license.

This is particularly relevant for the case at hand, since the Conservancy represents the developers of some of the software at hand. So shutting down the first law suit would directly provide evidence for a second.

SFC files suit against Vizio over GPL violations

Posted Oct 20, 2021 13:56 UTC (Wed) by mcatanzaro (subscriber, #93033) [Link]

> This is particularly relevant for the case at hand, since the Conservancy represents the developers of some of the software at hand. So shutting down the first law suit would directly provide evidence for a second.

They've already precluded this argument by claiming the opposite, so that won't happen.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK