When companies use the GPL against each other, our community loses
byon October 2, 2019
Our Executive Director, Karen Sandler, has warned for years about the dangers of lawsuits between two for-profit companies engaged in a legal dispute in which the GPL is tangentially featured. Unlike Conservancy, companies don't use legal action as the last resort, and they don't select their cases, as we do, focused on what's best for the software freedom of users. Nevertheless, these cases happen, and the GPL gets caught in the crossfire. With the assistance of our legal counsel, Pam Chestek, Conservancy has been carefully following the case of Ubiquiti Networks, Inc. v. Cambium Networks, Inc.
Cambium and Ubiquiti have been engaged in this lawsuit with each other for a little over a year now. Ubiquiti sued Cambium, claiming that Cambium violated RICO, the Computer Fraud and Abuse Act, the Digitial Millennium Copyright Act, and the Copyright Act, along with other causes of action. Cambium responded alleging that the Ubiquiti products included code under the GNU General Public Licenses and Cambium's own use of the portions of the Ubiquiti code subject to the GPL would not be an infringement. The case is still in very early stages.
As experts in GPL compliance, we carefully investigated the situation with each company. Ubiquiti was already known to us as we had received independent GPL violation reports from the public regarding their behavior. (The suit itself brought Cambium to our attention.) We have found that neither company complies properly with the GPL. Specifically, in our analysis of the facts, we have found that both Cambium and Ubiquiti fail to provide any source code for their respective routers and access points, even when we repeatedly asked over the course of several weeks, starting more than 30 days ago. This is not an issue of incomplete source or partial source; we have received no source code at all to review. Furthermore, even if we do receive some source code, the firmware images currently available indicate that there may be additional serious, overarching GPL compliance problems that are not easily resolved.
As for-profit GPL violators, these companies financially benefit from GPL non-compliance by for-profit companies. Their litigation around GPL is a distraction from the bigger issue of companies' repeated violations of the GPL. We lament the irony that two companies have begun a fight regarding GPL compliance (and deployed immense legal resources in the process), yet neither complies with GPL's most basic provisions. Because of this, it's unlikely this suit will yield GPL compliance by either party, and makes the suit another example of how for-profit legal disputes inevitably fail to prioritize the software freedom of users. In essence, we believe their dispute is not about empowering their users with the ability to augment their devices by improving and upgrading the software on them, but rather is about who is able to keep more of their code proprietary.
Conservancy will not stand by while this occurs. As such, we have today opened (at this point, non-litigation) GPL enforcement actions against both companies. We are informing the public of this situation in this blog post, since we gave both companies the industry-accepted standard amount of time to comply, and since the two companies have already made their violations public through the lawsuit filings. We call on both companies to immediately comply with the requirements of Linux's license, GPLv2.
Please email any comments on this entry to firstname.lastname@example.org.