Precedent is Lacking When it Comes to GPL Enforcement

I have received many responses to my previous columns for LinuxInsider, and though I took a breather from columns for the summer, I wanted to follow up on a couple of the responses.

Drew Tech and Other GPL Cases

In response to my latest column, Eric Grimm, an attorney, writes a very civil and informative note to tell me about a GPL enforcement action he brought in Federal District Court in Eastern Michigan: Drew Technologies Inc. v. Society of Auto Engineers, Inc., which was filed in November 2003. This case was settled in early 2005, and as a result, it was formally dismissed this summer.

Drew Tech involved a program that was released by Drew Tech under GPL, and posted by an employee of Drew Tech on a message board run by SAE. Drew Tech sued SAE to compel it to remove the posting from its message board. The case was settled voluntarily by the parties, and the posting was removed.

Mr. Grimm (and many others, who are mostly not so civil as Mr. Grimm) also wrote to remind me that the GPL has been raised in other contexts, such as the MySQL case and the counterclaim in SCO. To non-lawyers, I imagine it must seem cavalier not to mention such cases when discussing open source enforcement. It’s fairly common to hear people claim that the GPL has “not been tested” in court. This is not the way I would put it, really, but neither Drew Tech nor the other cases have resulted in any legal precedent regarding the enforceability of the GPL.

Significance of Precedent

For those of you who have better things to do than be lawyers — and actually are kind and lucky enough to run the world while we lawyers sit back and advise — I should clarify what this means. What is legal precedent and why does it matter?

Our system of law in the United States is what is called a “common law” system. When judges make decisions in such a system, they rely on what is called case law — the written opinions on matters of law that are previously published by other judges. The other legal principal that lucky non-lawyers should know is that courts only inquire into issues that litigants raise. If this were not so, the legal system would be even more clogged than it is.

So, if I bring a contract lawsuit, and the defendant does not deny that a contract exists, the issue is not litigated, nor is it decided by the court. There may be many reasons why the defendant chooses not to raise the issue: perhaps the defendant wants to devote the limited pages of its motion filings to stronger arguments, or perhaps the defendant thinks it will lose the issue if it is raised. But all this is speculation, because the issue is moot.

Because of the way our common law system works, litigants in future cases will not be able to depend on the result in Drew Tech as legal precedent. In a common law system, the hard questions often do not get answered, because the enunciation of legal principals is driven by the controversy of the case, not what legal scholars want to know. Resolution by the courts on any legal issue, then, is likely to come only after a few false starts. So far, in GPL enforcement, we are still in that stage. Someday, a U.S. court will hand down an opinion on the enforceability or interpretation of the GPL. But not yet, and given the litigation currently in progress, probably not soon.

The CeBIT Letters

Mr. Harald Welte, who operates www.gpl-violations.org, wrote to correct some of the observations in my last article. There, I must confess, I misunderstood the sources I consulted, primarily consisting of Mr. Welte’s blog, but also various others that were not quite so accurate.

Mr. Welte wrote letters to several companies at CeBIT alleging GPL violations, and I had commented that some of the letters regarded alleged violations for which Mr. Welte did not have the authority to pursue legal redress. Mr. Welte has written to advise me, however, that he did have the legal authority to pursue claims in all the letters delivered at CeBIT.

“In some of the real enforcement cases (involving legal authority), I have enforced my own copyright. In some other cases, I have received copyright from other Linux (kernel) authors by a copyright assignment, or something equivalent in “Droit d’Auteur” countries like Germany.”

Mr. Welte has written letters regarding GPL violations to others in cases where he does not have authority to bring legal action (a fact I had heard, and which I mistakenly equated with the CeBIT cases). But in those cases, Mr. Welte advises, he has not made the letters public. Also, he has limited those letters to “cases where I knew from the copyright holders that they exclusively license that software under GPL, or have not granted a different license to the respective vendor. In such letters I made no claims that I was the copyright holder, or that I was to proceed any kind of legal action.”

Mr. Welte writes: “Obviously I reserve the right to inform any organization about illegal copyright infringement they might be committing, even if I’m not the copyright holder,” and I agree with him wholeheartedly. It is unusual, in the proprietary world, for people other than intellectual property owners to write such letters, but as in everything else, the open source world is a different landscape, and things are done differently here.

Personally, though, I am a big fan of freedom of speech, and as I mentioned in the column, Mr. Welte has the right to write letters regarding alleged GPL violations to anyone, anytime he chooses. In my column, I analogized this to a form of political activism, and such an analogy, in my view, is no criticism. Mr. Welte describes his efforts in this regard as that of a “good citizen,” and undoubtedly he is acting in the long and proud tradition of political activists everywhere.

Enforcing the GPL

Because I had Mr. Welte’s attention, and because I am curious about such things, and because Mr. Welte is clearly one of the most active parties in the world when it comes to GPL enforcement, I took the liberty of asking him a few other things that I thought my readers might want to know. I reproduce below the e-mail interview.

Q: Do you take the same position on the definition of derivative works that the FSF takes? In other words, for GPL code for which you have enforcement rights, do you think that all code that is linked to that GPL code, regardless of the dynamic or static nature of the link, should be covered by GPL?

A: I agree with the FSF that the technical mechanism of combining two pieces of program code (dynamic/static linking are just two possibilities) is not important. What is important is the level of integration between the two pieces. How independent are they? Do they work without each other? Can piece A be easily replaced with an (already-existing) alternative implementation, so that the APIs between A and B are somewhat of a standard?

So I think that either statically or dynamically linked programs will in most cases form a derivative work. In some minor cases, they might not. What is important when talking about static linking: It is mostly the issue of “… [the GPL terms] do not apply to those [non-derivative] sections] when you distribute them as separate works” (GPL, Section 2).

A statically linked program is distributed as one work. A dynamically linked program is distributed as several independent pieces. So a statically-linked program can not be considered “distributed as separate works”, and is thus not compliant.

Q: Do you have any plans to undertake enforcement outside of Germany? If so, do you have any thoughts on how the differences in legal procedure in other countries will bear upon your enforcement strategies?

A: I already did out-of-court enforcement outside of Germany. There are a number of amicable agreements with international companies. Most of them European, some of them U.S. On the other hand, Germany is the largest European market for IT equipment and consumer electronics. I doubt that many large international companies (based in the U.S. or elsewhere) would like to not offer their products in this market. As soon as the GPL-incompliant products are imported into Germany, there is someone who is legally responsible within German jurisdiction. Either a subsidiary, or an importer or distributor.

There was no court action outside of Germany since it was not required so far. Certainly I’m considering my options.

Another aspect is certainly the respective legal system. To me (like most of continental Europeans) the U.S. legal system seems awkward in many terms. However, I’ve been working in cooperation with the FSF (Free Software Foundation), the FSF Europe, the FSF France, and Eben Moglen from the SFLC (Software Freedom Law Center). If the need should arise, coordination/delegation of the actual enforcement would certainly happen.

Closing the Mailbag

That’s it for the responses, for now. I thank the many people who have written me, and obviously, most of their comments did not make it into the column and are committed to the obscurity of my e-mail inbox.

Next time, once more into the breach.