![[RSS]](/static/img/feed-icon-14x14.2168a573d0d4.png){kind=icon}
Conservancy BlogDisplaying posts
tagged GPL
by on April 2, 2026
Last week, the Federal Communications Commission in the United States (the FCC) banned the sale of all new models of home routers not made in the U.S., which is ... all of them. The stated reason for this is that routers "pose an unacceptable risk to the national security of the U.S. or the safety and security of U.S. persons." A router manufacturer can apply for a "Conditional Approval" exemption to try and convince U.S. government bodies that their router should be allowed into the U.S., but this requires "A detailed, time-bound plan to establish or expand manufacturing in the United States" and "A description of committed and planned capital expenditures, financing, or other investments dedicated to U.S.-based manufacturing and assembly", and "an update on the status of their onshoring plan once a quarter" among other impractical asks. Devices built in the U.S. generally cost at least twice as much as devices built in Asia (see the Librem 5 (USA) for example) because U.S. manufacturing facilities are not ready with the scale and efficiency required to enable competitive pricing. The reason we chose to build the OpenWrt One in Asia is that it makes sure the device is as feasible as possible for people around the world to purchase. We expect it will take decades before the U.S. is ready to produce competitively-priced devices - user freedom can't wait that long.
And, in case you were hoping to buy an OpenWrt One, don't worry: the One has already received FCC approval so there is no change to its availability in the U.S. Naturally, we are concerned about the effect this has on any new hardware that SFC might develop, but this decision by the FCC does not create any near-term problems for us, or for FOSS generally.
We do applaud the FCC for recognizing how important home routers are to people's security. While the rulemaking is misguided, it's absolutely correct that the proprietary router manufacturers be accountable in relation to the hardware and software that individuals bring into their homes and their lives. We believe that manufacturers of routers that are primarily FOSS are in a much better position to evaluate the security of their devices, and so we analyzed the rulemaking taking into specific account its software aspects.
While the FCC decision focuses mainly on hardware, there are also some requirements for software. In particular, the FCC has hinted that it may restrict updates to existing hardware, in particular that existing routers "may continue to receive software and firmware updates that mitigate harm to U.S. consumers at least until March 1, 2027".
Since software updates to already-FCC-approved devices do not require a new FCC approval, it appears the FCC is trying to move beyond its usual authorization procedures to restrict what manufacturers are allowed to push to existing routers. However, the FCC notably does not restrict software changes made by owners of routers in the U.S. In particular, there is no indication that updates people make to their own routers, using software they have sourced themselves, would run afoul of any past or present FCC rule.
As a result, we do not believe that this new FCC decision affects whether and how people can run OpenWrt or other user-selected firmware updates on routers they have already purchased. Not only is this an important right in relation to our ownership and control of our own devices, it also ensures that people can keep their routers secure for far longer than the manufacturer may choose to provide security updates, by allowing them to install up-to-date community software that supports routers for 10, 15, or even more years after their initial release date, as OpenWrt does for many devices.
This leads us back to the stated goal of the FCC in making these changes: to ensure that routers do not "pose an unacceptable risk to ... the safety and security of U.S. persons." We certainly agree that all persons (including U.S. persons) should use technology that is safe and secure. And there are standards that exist to ensure this is the case, such as NIST IR 8425A, which the U.S. government already paid to research and produce and, alongside NIST, is recommended by Consumer Reports and other right-to-repair groups already. We have been assessing our existing processes (for OpenWrt, and especially the OpenWrt One) against NIST IR 8425A, and are now accelerating those efforts to ensure we can show that routers using OpenWrt are indeed safe and secure, as determined by independent bodies. This not only helps U.S. persons, but everyone around the world, as OpenWrt is available to anyone regardless of whether they are in the U.S. or not. We strongly encourage any regulation targeting safety and security to take a holistic view, recognizing that safety and security in our technology does not depend on what country we are in, but rather on common properties of the hardware and software we use, and a shared understanding of what technological safety and security means for all humans.
We have reached out to the FCC for clarity on this topic, and look forward to updating this post with their reply.
by on March 4, 2026
Earlier this week1, the U.S. Supreme Court (SCOTUS) denied certiorari (cert) in Thaler v. Perlmutter. Thaler contended that an image — generated by a Large Language Model (LLM)-backed Artificial Intelligence (AI) — deserved copyright registration. Since the U.S. Copyright Office refused to grant the registration, Thaler appealed to the U.S. District Court for the District of Columbia (DC Circuit). That Court affirmed the Copyright Office's decision. SCOTUS' denial of “cert” means they will not hear the case. Strictly speaking, this denial does not affirm the DC Circuit Court's ruling, but it does mean the DC Circuit decision stands.
Many in the Free and Open Source Software (FOSS) community raised concerns about the impact on copyleft — and even FOSS in general. TL;DR: Don't Panic! — this case is extremely limited in scope.
First, a proviso: this case is about copyright of an artistic image, not software. Copyright law — and the legal precedents around it — differ widely for different types of creative works. Analysis of the copyrightability of works of software varies in notable ways. Therefore, do not to assume that analysis for images apply broadly to software.
Second, while the decision is “published” 2, there are also many other cases related to LLMs and AI currently pending throughout the U.S. Courts. Courts and laws always lag behind technological advancement. Indeed, this is precisely why copyleft was invented: as a mechanism to achieve with existing laws and precedents what we could not accomplish in the legislature. Forty-one years after copyleft's invention, we still do not have a federal law that mandates software right to repair!
Third, the Court found that a registration was not valid (at this time) if the work's sole author is a computer program. Thaler (who was both (one of) the author(s) of that computer program and its user) repeatedly waived any claim to consider Thaler's own copyright in the LLM-backed AI prompting process. Thaler also did not argue any copyright interest in the LLM-backed AI system itself were subject of the registration. So, this decision does not evaluate any creative expression by (a) the author(s) of the prompts themselves, (b) copyrights held in the LLM, its weights, generation, curation, or its user interface, and (c) copyrights held in underlying works in the LLM training data.
Thaler's original registration was the root cause of this substantial narrowing because the registration contended that the AI system itself was the author of the image. This case only considers a copyright registration where the sole “author” is identified as a specific computer program. Thaler stipulated that the work was generated solely through prompts and no human modified the work thereafter. As such, even if the other districts begin citing this case regularly, and even if many districts decide it applies to software without further consideration of the difference in the types of works, such precedent causes no disaster for FOSS.
Admittedly, some LLM-backed generative AI agents can be merely prompted to create a work of software from scratch that has some transient utility. However, the most common workflow in using these agents (at least in FOSS development) is as follows:
Furthermore, dicta 3 — appearing in the DC Circuit ruling — supports a conclusion that the human actions on that third step would constitute creative expression — affixed in tangible medium — suitable for copyright registration. Indeed, their ruling states:
First, the human authorship requirement does not prohibit copyrighting work that was made by or with the assistance of artificial intelligence. The rule requires only that the author of that work be a human being — the person who created, operated, or used artificial intelligence — and not the machine itself. — (Thaler v. Perlmutter, 130 F.4ᵗʰ 1039, 1049 (D.C. Cir. 2025))
The Court also indicated these other issues are for a future time in another case. The DC Circuit readily admits that their ruling applies only to the state of AI systems at the time of writing4. Again quoting from their ruling:
Of course, the [Thaler's AI] Machine does not represent the limits of human technical ingenuity when it comes to artificial intelligence. Humans at some point might produce creative non–humans … Science fiction is replete with examples of creative machines that far exceed the capacities of current generative artificial intelligence. For example, Star Trek’s Data might be worse than ChatGPT at writing poetry, but Data's intelligence is comparable to that of a human being. See Star Trek: The Next Generation: “Schism” (Paramount television broadcast Oct. 19, 1992) (“Felis catus is your taxonomic nomenclature, an endothermic quadruped, carnivorous by nature”). There will be time enough for Congress and the Copyright Office to tackle those issues when they arise. — (Thaler, 130 F.4ᵗʰ at 1050)
[ As always, SFC is not a law firm, IANAL, and TINLA. ]
1 I — and my colleagues at SFC — acknowledge that SCOTUS made other decisions recently regarding an array of important social justice causes. Since SCOTUS' decision to deny cert in this particular case is so closely related to my work, I'm writing about it. However, all of us at SFC acknowledge that our community is reeling from other recent decisions.
2 In this context, “published” is a term of art that lawyers use to describe a case that the publishing Court (in this case, the DC Circuit) felt was important enough to “share officially and formally” with other Courts. While (in a precedent-based legal system) any Court can cite an unpublished case from another Court, published cases are much more likely to be cited than unpublished ones.
3 “Dicta” is explanatory language found in a court's decision that isn't necessary to the court's conclusion. . Dicta isn't precedential but it can be persuasive.
4 Note that the DC Circuit issued their ruling in March 2025. It is not uncommon for SCOTUS to delay for a year (or more) before issuing a ruling to grant or deny cert.
by on January 26, 2026
We at Software Freedom Conservancy are disappointed at some surprising news. Two weeks ago (THU 2026-01-08), we had our original pretrial motions hearing scheduled in our historic impact litigation against Vizio. Just about an hour before the hearing's start-time, Judge Sandy Leal issued a minute order that rescheduled the hearing and (effectively) removed the trial (which was set to start on Monday 12 January 2025) from her calendar.
The rescheduled hearing date was Monday 2026-01-26 at 09:00. At 08:15 that morning, our attorneys were contacted from the Court Clerk that the hearing was again postponed..
We have been in this litigation against Vizio since October 2021. Vizio violated both the General Public License (GPL) and Lesser GPL Agreements. Vizio's “Smart” TV products include more than a dozen packages under these copyleft licenses, yet Vizio has continually failed to comply with these agreements in various ways — most notably (and including but not limited to) by (a) not providing complete, corresponding source code, (b) not providing “the scripts used to control compilation and installation of the executable[s]”, and (c) not providing object code necessary for relinking the LGPLv2.1'd works. We were looking forward to our days in Court that week to show the world all the details of Vizio's non-compliance, and to ask the Court to acknowledge (among other things) our right as a third-party beneficiary under the GPL Agreements to receive all the materials that those Agreements require Vizio to give to all consumers who purchase their devices. These devices, BTW, are called “Smart” TVs because what's inside is actually a small (but powerful) computer attached to the giant video display — driven and controlled largely by copylefted FOSS.
Notwithstanding our frustration, our trial was delayed for good reason. Another case — even older than ours — needed more time for their jury trial (and thus had priority over ours). While some criticize the USA for being “too litigious”, we at SFC believe firmly that the civil Courts are the best place where ordinary citizens and small, scrappy non-profit charities like SFC can seek justice when our rights are violated. We also know that there is more injustice in our country these days than anyone would like, and this delay occurred because there are other folks out there seeking justice on other important issues and rights, too.
We understand that we've been waiting for a long time in a very long queue in the California Courts, and while we (like everyone) get frustrated when the line is taking much longer than expected, we also appreciate that Judge Leal is carefully managing her docket to grant all parties an impartial opportunity for justice.
Attorneys for both SFC and Vizio are now negotiating with the Court for rescheduling. We hope the pretrial hearing will be scheduled fairly soon. We will update here and on the Fediverse as we know more.
We'll spend the next few weeks posting the various recent motions and filings in the case, and publishing some retrospective summaries of the last four and a half years of the case for you all to read.
Be sure subscribe to our feed in your RSS readers/aggregators and follow us on the Fediverse (via Mastodon or your preferred ActivityPub software). to receive updates!
by on December 3, 2024
Software cannot run without hardware. To have software freedom, we need hardware to run our software. Sadly, the vast majority of hardware is not built with software freedom in mind. Too often, we are beholden to the big hardware companies that sell us our laptops, phones, routers, TVs and other devices. Few manufacturers today build devices with user modifiability and longevity in mind. And it's getting worse. Hardware is becoming more and more locked down, making the need for devices that will work in our interests more and more acute.
Software Freedom Conservancy announced on Friday, in conjuction with our OpenWrt member project, that the first router designed from the ground up by the OpenWrt community is now shipping. OpenWrt developers and SFC staff have been coordinating over the past year to design and produce a hardware device that showcases the best of what OpenWrt has to offer. From the upstream-first approach, to the up-front source code availability, no stone was left unturned in ensuring the device would give people flexibility and control over the software (and hardware) that runs their network.
SFC works toward GPL compliance across the industry, so the devices running Linux out there (which now include toasters, dishwashers, fridges, and dryers, as well as laptops, phones, routers, and TVs) all comply with the copyleft terms that give you the right to modify and reinstall changes onto your device. GPL enforcement is one way we tackle this problem, but we constantly seek other approaches. In the case of OpenWrt, we have yet another example that shows the device manufacturers that haven't yet complied with the GPL (and given users the rights they are owed) how to do it right — to give people what they want and what the GPL requires.
We are very excited to watch the interesting applications you find for your OpenWrt One. We're amazed and impressed to learn some people are already running Doom and other software that just won't run on a router that you buy from one of the big name router brands. :) We think it's important for people to have the freedom to make their software work for them, to explore, and enjoy their software experience. The GPL and other copyleft licenses exist to make this possible.
The OpenWrt One is admittedly not perfect. It's sadly a prime example of hardware from recent eras that relies on a few binary component firmwares (in this case, for small parts of the wifi, 2.5 GbE port, and RAM calibration). It is difficult to construct modern hardware without a few of these binary blobs. While this reality is a travesty, we are excited that nearly all the source code for the software on the OpenWrt One is freely licensed. This ensures the maximum possible ability to repair and improve the device. We hope the device will last, and someday, since the binary parts are electronically upgradable, future users can replace the binary component firmwares as FOSS replacements become available. The design and distribution of the OpenWrt One shows that it is not only possible to distribute a device containing both copylefted and non-FOSS code, but that it is also cost-effective and straight-forward to comply with the relevant licenses, and allow users to modify and reinstall the device from source.
SFC wants to build this future of freedom for all your electronics (especially those running Linux and other GPL'd software). I work every day through private channels (and the courts, when needed) to get companies to respect your rights under the GPL. I'm ecstatic that we're now creating new hardware to show the world what is possible when we put software rights first! We're excited for everyone to join us on this journey, and encourage you to read our OpenWrt One launch announcement for more details on this first step.
We just started our annual fundraiser and we'd be thrilled if you could support us by becoming a sustainer. For a limited time, until January 15 (or $204,887 of donations), all donations will be matched, so renew or become a Sustainer today! Thanks for helping us bring software freedom (and hardware respecting it) to everyone!