Displaying posts tagged Filings
(Software) Repair info on EnergyGuide labels: Conservancy replies to FTC's request
byon December 21, 2022
Software Freedom Conservancy has today submitted its reply to the FTC's request for comments on how repair information should be displayed on EnergyGuide labels. In particular, SFC has recommended that the FTC mandate a "Software Repair Instructions" section on the EnergyGuide labels that are already required on a variety of home appliances, including televisions, refrigerators, clothes washers, and dishwashers. This would not be a new notice requirement for most manufacturers, since it (currently) only requires manufacturers to provide the notice when they already had obligations under copyleft licenses to offer source code already. This merely changes the prominence of such notices, so that users can more easily see which products contain copylefted software (and thus software repair instructions) or not. This is important because many manufacturers make efforts to deemphasize or obscure their offers (if they have them at all), which prevents consumers from learning that they have rights with respect to their software.
We are very happy to see the FTC requesting comments on how repair information for home appliances can be better provided to purchasers of these products. While the FTC's EnergyGuide labeling program started out as a way for purchasers to better assess how much energy each appliance would likely use, and approximately how much that would cost them, the FTC has been taking a more holistic view of how appliance purchases impact the world, not just in terms of how much energy they consume while operating, but also how much energy is required to manufacture them and, consequently, how we can reduce the number of appliances going into landfills, reducing the number of new appliances that need to be manufactured. Free and open source software provides many answers to these repair and longevity questions, and we hope that appliance purchasers will be made more aware of this through the FTC's updated labeling requirements.
By making a lot more people aware that software repair information is available for a device, the chance of a repair community forming for that class of devices increases dramatically. And these communities are immensely helpful to device owners, both for fixing problems that may arise in the software (which can be shared quickly and easily after one person makes them to anyone with that device, regardless of their level of technical expertise), but also for maintaining that software long after the manufacturer has stopped supporting it, meaning they can keep that device operating safely for years to come rather than having to dispose of it, which increases landfill usage and needless new device purchases. We already have several examples of such communities, including SamyGO for older Samsung TVs, LineageOS for most Android phones, and OpenWrt for wireless routers. SFC has fought extensively to protect the right to install your own firmware on your devices. By showing people that software repair information is available to them, we can build many many more communities like these, keeping more devices lasting longer (and better serving their users' needs), and fewer devices in our landfills.
We recommend those interested in this issue read our submission to the FTC, and consider whether to make their own submission in support of this or similar (especially hardware) repair information requirements. While we hope our own submission carries weight and is deemed relatively easy to implement given that it requires no new information to be provided by most manufacturers, it would help for others to provide their own experiences with lack of easily-accessible software repair information to the FTC so they are aware of the extent of the problem. The comment period is open until December 27 (likely to be extended until January 31, 2023) and you can see more details about the FTC's request for submissions and submit your own comment here.
For those that do read our submission, note that the FTC has trimmed some of its attachments from the website. You can find the attachments here instead:
You may notice that SFC has suggested the FTC require manufacturers to provide a URL to their source code distribution website, while not mentioning other ways of fulfilling an offer for source code, which we normally request that manufacturers provide (such as offering the source code on a durable physical medium, e.g. a USB stick or optical disc). Our main reason for this usual request that manufacturers provide source code on a durable physical medium is that not everyone in the world has a reliable or fast Internet connection. As a result, if a manufacturer only provides source code over the Internet, the most disadvantaged people are further disadvantaged by not being able to download the source code for their device (most source releases are hundreds of megabytes, if not more).
With our reply to the FTC, we were trying to make the best argument based on current practices and the least amount of additional work for manufacturers (to improve the chance of our suggestion being adopted, and reduce the chance that a company could make any credible argument against it), while also keeping in mind the jurisdiction this ruling applies to (USA) and its Internet connectivity standards. Though not complete yet, the National Broadband Plan in the USA does have this aim: "Every American should have affordable access to robust broadband service". Given the balance of people in the USA already connected to broadband, and the strong intent to connect the rest, we felt it was practical to make the recommendation include only web-accessible source code as the labeling requirement applies only in the USA. Note that we still request manufacturers make source code available on a durable physical medium, and would advise the FTC to make this part of their labeling requirements as well if they felt it feasible to include.
Although we have much work to do to ensure that people purchasing free and open source software (as part of appliances and other devices they may buy) know that they can repair, maintain, and modify this software, steps like this from the FTC will bring us closer. We are looking forward to the FTC's decision on our recommendation, and hope to help more people access the information they need to make their devices work for them, for as long as they choose to keep them. Together we can improve our own lives, but also the lives of others, and our planet.
Conservancy Requests Three DMCA Exemptions to Let People Control Their Devices
byon September 16, 2020
Every three years, the US Copyright Office conducts a rulemaking process to consider exemptions to the anticircumvention provisions of the Digital Millennium Copyright Act (DMCA). These are the provisions of the law that make it a criminal offense to circumvent digital rights management technology (DRM). These provisions give technology companies far too much control over the technology people use, prohibiting all kinds of modification and tinkering in the name of “copyright protection.” We would love to see the anticircumvention provisions of the DMCA repealed in their entirety.
Until that happens, the rulemaking process gives us an opportunity to request exemptions that are strategically important for software freedom and essential for us to be able to control our own devices. This year we requested three new exemptions:
- To allow people to investigate whether software on a device violates free and open source software (FOSS) licenses, and to exercise rights that would ordinarily be granted by those licenses were it not for the technological restrictions
- To allow people to conduct good-faith testing, investigation, and correction of privacy issues—for example, think Internet of Things devices that phone home with more information than they disclose
- To allow people to install alternative firmware on routers and other network hardware they buy, to add or remove functionality as they see fit
All of these exemptions recognize the growing prevalence of small, dedicated devices in many people’s lives. We’re always horrified to learn when gadgets that should be innocuous like doorbells, thermostats, and baby monitors are spying on us, whether by design or careless programming. It should not be a crime for people to investigate these issues and take steps to defend themselves with devices they’ve bought and own—especially when the device is running FOSS that promises the user those very rights. Our requests call on the US Copyright Office to codify that common sense into law.
We also requested renewal of the exemption that allows people to install alternative software on smart TVs that we previously won in 2015.
These requests kick off the beginning of the process, where all new exemptions are requested. We can expect the Copyright Office to announce what exemptions are granted around this time next year. We’ll be sure to keep you updated on the process.
The Importance of Following Community-Oriented Principles in GPL Enforcement Work
byon July 19, 2016
UPDATE:2022-01-24: the Netfilter Core Team, one of the first groups to endorse our Principles of Community-Oriented GPL Enforcement have worked since that time to address concerns about McHardy's behavior discussed below. The Netfilter Core Team has now announced a settlement with Patrick McHardy (which follows a lawsuit they filed against McHardy in 2020 — that lawsuit was confidential until the settlement was announced (a practice that is common in Germany). The settlement requires all enforcement to be done in concert with a majority vote of the active Netfilter Core Team members, and also covers the exercise of contractual penalty provisions in contracts from past enforcement matters. The team also reiterated their continued endorsement of our Principles of Community-Oriented GPL Enforcement.
When we wrote the blog post below, we were the first organization to publicly criticize McHardy's use of enforcement in this manner, and we know many find this post when searching for information about McHardy's enforcement. We've left the remainder of the post as it original stood at its first posting for posterity. We now congratulate the Netfilter Team on standing by the Principles and effectuating legal mechanisms to ensure that they are followed for the benefit of software freedom. We look forward to coordinating with the Netfilter team in future enforcement that focuses on the right to software repair.
Our original post, as written on 2016-07-19, follows:
The GNU General Public License (GPL) was designed to grant clear permissions for sharing software and to defend that freedom for users. GPL'd code now appears in so many devices that it is fundamental to modern technology. While we believe that following the GPL's requirements is neither burdensome nor unreasonable, many fail to do so. GPL enforcement — the process to encourage those who fail to correct problems and join our open software development community — is difficult diplomacy.
Our community learned together over the last 20 years how to do this work well. Last year, Conservancy and the FSF published the concise but comprehensive Principles of Communited-Oriented GPL Enforcement. The Principles are endorsed by Conservancy, FSF and gpl-violations.org — the three historic community-oriented GPL enforcement organizations, as well as other non-enforcing organizations such as OSI. Recently, these principles were also endorsed by the Netfilter team, a core and essential group of Linux developers. However, despite our best efforts, we have been unable to convince all enforcers to endorse these Principles. Here, we express our concern and desire to ameliorate that situation as best we can. Furthermore, we also bring some transparency and context where enforcers seem unlikely to ever endorse the Principles.
One impetus in drafting the Principles was our discovery of ongoing enforcement efforts that did not fit with the GPL enforcement community traditions and norms established for the last two decades. Publishing the previously unwritten guidelines has quickly separated the wheat from the chaff. Specifically, we remain aware of multiple non-community-oriented GPL enforcement efforts, where none of those engaged in these efforts have endorsed our principles nor pledged to abide by them. These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years.
Most notably, a Linux developer named Patrick McHardy continues ongoing GPL enforcement actions but has not endorsed the community Principles. When Patrick began his efforts, Conservancy immediately reached out to him. After a promising initial discussion (even contemplating partnership and Patrick joining our coalition) in mid-2014, Patrick ceased answering our emails and text messages, and never cooperated with us. Conservancy has had no contact with Patrick nor his attorney since, other than a somewhat cryptic and off-topic response we received over a year ago. In the last two years, we've heard repeated rumors about Patrick's enforcement activity, as well as some reliable claims by GPL violators that Patrick failed to follow the Principles.
In one of the many attempts we made to contact Patrick, we urged him to join us in co-drafting the Principles, and then invited him to endorse them after their publication. Neither communication received a response. We informed him that we felt the need to make this public statement, and gave him almost three months to respond. He still has not responded.
Patrick's enforcement occurs primarily in Germany. We know well the difficulties of working transparently in that particular legal system, but both gpl-violations.org and Conservancy have done transparent enforcement in that jurisdiction and others. Yet, Patrick's actions are not transparent.
In private and semi-private communications, many have criticized Patrick for his enforcement actions. Patrick McHardy has also been suspended from work on the Netfilter core team. While the Netfilter team itself publicly endorsed these Principles of enforcement, Patrick has not. Conservancy agrees that Patrick's apparent refusal to endorse the Principles leaves suspicion and concern, since the Principles have been endorsed by so many other Linux copyright holders, including Conservancy.
Conservancy built a coalition of many copyright holders for Linux enforcement so that we as copyright holders in Linux could share with each other our analysis, strategy, plans and diplomacy. Much like Linux development itself, enforcement functions best when copyright holders collaborate as equals to achieve the desired result. In coding, Linux copyright holders seek to create together the best operating system kernel in history, and in an enforcement coalition like ours, we seek to achieve proper compliance in the best possible way for the community. (More collaboration is always better for various reasons, and we always urge copyright holders in Linux, Debian, Samba, and BusyBox to join our coalitions.)
Nevertheless, Conservancy does not object to individual copyright holders who wish to enforce alone; this is their legal prerogative, and with such limited resources for (and political opposition against) GPL enforcement on Linux, everyone who wants to help is welcome. However, Conservancy must denounce anyone who refuses to either endorse the Principles, or (at least) publicly explain why the Principles are not consistent with their efforts to advance software freedom.
There are few public facts on Patrick's enforcement actions, though there are many rumors. That his enforcement work exists is indisputable, but its true nature, intent, and practice remains somewhat veiled. The most common criticism that we hear from those who have been approached by Patrick is an accusation that he violates one specific Principle: prioritizing financial gain over compliance. Meanwhile, some who criticize Conservancy's enforcement efforts ironically believe we are “too nice” — because we don't seek to maximize financial gain, and therefore we ultimately fund some license compliance work with donations from the general public. Despite that criticism, and the simple fact that Conservancy's settlement funds from GPL enforcement usually fail to cover even the staffing costs associated with our enforcement efforts, we continue to abide by the Principle that compliance is paramount over monetary damages. While we sympathize with those who wish GPL enforcement would fund itself, we also see clear problems if an enforcer prioritizes financial gain over compliance — even if the overarching goal is more comprehensive enforcement in other areas.
Conservancy does all our enforcement specifically through a USA 501(c)(3) charity, precisely because that makes us transparently financially accountable. The IRS requires that our work benefit the general public and never bestow private inurement to anyone. Success in enforcement should never personally benefit one individual financially, and a charity structure for GPL enforcement ensures that never happens. Furthermore, the annual Form 990 filings of charities allows for public scrutiny of both enforcement revenue and expenditure1.
Conservancy, as a charity in the center of GPL enforcement, seeks to make enforcement transparent. We devised the Principles in part to clarify long-standing, community-accepted enforcement procedures in a formalized way, so that violators and GPL-compliant adopters alike can discern whether enforcement behavior is acceptable under community norms. We welcome public debate about any enforcement action's compliance with the Principles (i.e., its meta-compliance with the Principles). We encourage all those who enforce GPL to come forward to either endorse the Principles, or publicly propose updates or modifications to the Principles. (We've created the mailing list, principles-discuss, as a public place for that discussion.) We urge developers to state that they support enforcement undertaken in a principled manner, including litigating only as a necessary last resort and to never prioritize financial gain.
We chose the phrase “meta-compliance with the Principles” carefully. Applying the Principles themselves to compliance with those Principles seems apt to us. For example, we publicized the concerns about Patrick's enforcement only after two years of good-faith attempts to discuss the problems with him, and we waited for more than a year before publicizing the problem, and only after both ample warning to Patrick, and discussion and coordination with the Netfilter team. Just as we would with a GPL violator, we exhausted every path we could find before making this statement publicly.
Thus, we now call on Patrick to endorse the Principles or publicly engage in good faith with the community to discuss proper methods of enforcement. We further welcome anyone who does not currently abide by these Principles to join us anew in our coordinated community-oriented GPL enforcement work.
In conclusion, to contrast GPL enforcement with the much more common proprietary software litigation, violators should always have a simple and solid method to quickly resolve the rare legal action around the GPL: compliance. GPL enforcers should always seek compliance as the primary and paramount resolution to any enforcement matter. In this manner, where community-oriented enforcement exists and thrives, the risk for danger from lawsuits diminishes. Today's violators can then become tomorrow's contributors.
Finally, if you are in a situation where you are unsure what your obligations are under GPL, we urge you to read and study the Copyleft Guide to learn more about how to properly comply with GPL and other copyleft licenses.
1 Looking at Conservancy's Form 990s, you can see by examining Page 2 (Part III) (in FY 2011, see Page 25, Schedule O, for continuation) each year how much revenue Conservancy received from enforcement settlements, and how much Conservancy spends on license compliance activity. Most notably, Conservancy has not received a single dollar in GPL enforcement revenue since FY 2012.
2015 YIR: Karen Sandler Speaks about IRS Charity Issues
byon December 11, 2015
[ This is a blog post is the first in our series, Conservancy 2015: Year in Review. ]
Conservancy's 2015 started with the filing of our FY 2013 Form 990. That's the IRS tax(-exempt) form that every charity and trade association in the USA must file annually. Typically, most non-profits ask for the two three-month extensions for filing deadline for the Form 990, and since Conservancy's fiscal year ends in February, our Form 990 is filed by 15 January.
This is the type of essential work that Conservancy does for our member projects. Each member project need not file their own complicated forms to maintain their charitable status and ability to accept earmarked donations for their projects. Instead, Conservancy files one Form 990. We're “looking forward” to spending this holiday season preparing our next FY 2014 Form 990 and completing our mandated annual audit. (Our FY 2013 annual audit is of course already available.)
Fitting with this annual work that Conservancy does, immediately after filing the 990, both Karen and Bradley — thanks to generous travel funding by the conference — quickly boarded flights to LinuxConf Australia in Auckland, New Zealand. At the conference, on the very date of Conservancy's IRS filing deadline, Karen gave talk entitled The Low Down on IRS status for Free and Open Source Software Nonprofits in the US.
Even almost a year later, many of the issues Karen discussed in her talk are not well known in the Free Software community and there are still many confusions in the Open Source and Free Software community about non-profit status and how it works. Enjoy this video now to see more about what Conservancy does for its member projects, and generally to learn more about how both charities and trade associations operate and what they do in our community.
Become a Conservancy Supporter now to help us continue this work in 2016!
The video in this post is also available on Youtube.