Verizon Being Sued for GPL Infringement

darthcamaro writes "According to the SFLC, Verizon can be added to the list of companies infringing on the GPL. They filed a lawsuit in New York yesterday (pdf) alleging that the company is handing out routers using the GPL'd software 'BusyBox' without accompanying source code. Today the SFLC spoke to the media to lay out its case: 'The legal action against Verizon come as the fourth action that the SFLC has undertaken this year on behalf of BusyBox on GPL issues. The GPL is a reciprocal license that requires users of GPL-protected technology to make their source code available to end-users. To date, the SFLC has settled with one defendant out of court. Two actions, facing Xterasys Corporation and High-Gain Antennas, are ongoing and Ravicher said he's optimistic about negotiations resulting in a resolution with each.'"

Is the router user-modifiable?

[Ed Avis (5917)]

Do the users have admin rights on the router to install a new version of busybox? If not, sending them the source code seems like a pointless formality, like a map to a country you are forbidden from visiting.

Re:

[morgan_greywolf (835522)]

Hmmm...you bring up an interesting point. If busybox were GPL 3, would Verizon then be forced to give users admin rights to the router?

Re:Is the router user-modifiable?

[homer_ca (144738)]

It's not locked down. Verizon gave me an Actiontec router free with FIOS service. You get the password, and you can reconfigure anything you want. You don't need to change anything, since the installer will get it working with your wireless laptop if you need the help (default setup is 64bit WEP). You can also use your own router, but if you get FIOS TV, you'll have to use the Actiontec because it has a coax out for the TV set-top box. I tossed it in the closet because wireless performance sucked. Not sure if it was WPA or incompatibility with the wireless client, but it barely worked in the same room.

SFLC

[l2718 (514756)]

SFLC is the Software Freedom Law Center [softwarefreedom.org]. You can think of it as the militant arm of the Free Software Foundation [fsf.org] (FSF), though one does not directly control the other. Its founder and main figure is Prof. Eben Moglen [wikipedia.org], formerly general counsel and board member of the FSF.

Re:

[LiquidCoooled (634315)]

Sounds like the archos 605.
It apparantly runs Linux but uses executables signed with their private key and people haven't yet cracked it open.

Shame really because they are nice.

Re:

[micheas (231635)]

You can do tftp firmware upgrades to the router much like the Linux based Linksys boxes.

The uses I can foresee is modifying the ipstack and modifying snmp of the router. I am sure more creative minds than mine can come up with much more useful ideas.

Re:Is the router user-modifiable?

[by Anonymous Coward]

Bullshit. Their users can't install new versions on the box, but other developers can look for changes they've made, and possibly incorporate them into their own code. You could create a replica of the hardware, and install their code on it. You can find and point out security vulnerabilities. There's plenty of reasons you'd want the source, without being able to modify the code running on the box itself.

Replica of the hardware?

[tepples (727027)]

You could create a replica of the hardware

Wouldn't that possibly violate hardware patents or the FCC's monopoly on radio frequency transmissions?

Re:

[sumdumass (711423)]

Depends on how you create it. If you purchased the chips, then presumably your patent obligations concerning them would be covered. If you purchased the radios pre-configured and so on, it could be the same. Think of it more like building a PC and selling it. You aren't actually building it as much as assembling it.

Now, according to the FCC and radio frequencies. If you purchased the radio broad/chip and antenna from the same manufacture, they might have already had it certified. If they haven't, then you c

Re:

[norton_I (64015)]

You can get your hardware certified for operation in the band in question.

You might be able to make a router that doesn't infringe on any hardware patents you can't easily license.

You might want to port any busybox patches to openwrt and use them in a linksys box.

Any inability to replicate the hardware due to other IP is irrelevant, the busybox people don't own that.

Re:

[Ed Avis (5917)]

Agreed, but most of that doesn't help the users (who could download busybox sources from the net anyway). I'm just wondering what the point is to this legal action - if there is some wrong to be righted, or if they're just enforcing compliance because they can. I doubt that Verizon or the hardware manufacturer have made any enhancements to busybox.

Re:Is the router user-modifiable?

[pfleming (683342)]

Well, if you had RTFA (but this is /.) you would have seen that they state Verizon is distributing the binary from their web site. That nullifies any, "we're only renting the router" arguments. They are distributing binary. They have to distribute the source too.

Re:Is the router user-modifiable?

[itsdapead (734413)]

sending them the source code seems like a pointless formality

(a) They don't actually have to include the source code with every router - just a written offer to supply the source code on demand. (I assume that the references to "including the source code" are journalistic imprecision or its gonna be a very short lawsuit).

(b) Users may also be developers who wish study the source code or to use or modify the software in other systems - as is their right under the GPL.

Anyway, most such products ship with a CD for plug-n-drool installation so how hard can it be to include a few source files?

Re:

[Ed Avis (5917)]

(a) a written offer is kind of pointless, when you can download busybox source code off the net free of charge (and we can assume that anyone with this router has an Internet connection...)

(b) again, you can study the busybox source code whenever you want, whether you have bought this router or not.

I support the GPL and of course it should be enforceable but I wonder what makes this particular router a target for spending time and money on a lawsuit. Surely there are more pressing threats to freedom that t

Re:

[Frosty Piss (770223)]

a written offer is kind of pointless, when you can download busybox source code off the net free of charge (and we can assume that anyone with this router has an Internet connection...)

Sure, you can download BusyBox code from BusyBox. But can you download BusyBox code as modified by Verizon? Under the GPL, shouldn't you be able to do that? It might not be the sam as the BusyBox code at BusyBox...

...I wonder what makes this particular router a target for spending time and money on a lawsuit...

Of course i

Is the router sold or rented?

[CustomDesigned (250089)]

If the router is owned by Verizon, and merely rented or provided for use by customers, then Verizon is not under GPL obligations - regardless of whether it is on customer premises. It is only if Verizon is selling or giving away the routers that they need to meet GPL obligations. The case of DRMed media and devices is weird. While ostensibly a "sale", you can't actually do anything with the product without permission from the maker. Thus Tivo and *AA companies are lying to consumers when they offer to

Re:

[sumdumass (711423)]

Well, actually, I was thinking about this the other day.

Suppose I sold something for 400 dollars. I didn't want you to modify it so I leased it instead at a cost of $100 over the expected life span and then claimed that the life span was 4 years and you were to toss it in the trash at the end of it's life.

You would effectively have bought the thing, I can deny service is changes are made and I never actually distributed anything because you are supposed to dispose of it. If you keep it and it still works af

Re:

[wattrlz (1162603)]

Pointless or not, it's the terms of the license.

They've got bigger problems - router is P.O.S.

[kannibal_klown (531544)]

The router in question is the ActionTec MI424WR. It's very pretty, and the web admin page is quite intuitive.

Unfortunately it has a MAJOR flaw. They're giving it out to their FIOS customers now, and the router shuts down when it gets hit too many times. This happens when using a Torrent, but also when refreshing STEAM server lists!

It's quite annoying, and since it's used by the TV set-top-boxes in the house it's kind of necessary. It's a shame, my 20Mbit connection can't handle Steam.

The problem was found a while back (when the casing wasn't as pretty about a year ago) but still no fix. I believe it has to do with a small NAT table.

That's odd...

[sczimme (603413)]

It's quite annoying, and since it's used by the TV set-top-boxes in the house it's kind of necessary. It's a shame, my 20Mbit connection can't handle Steam.

That's odd: I thought Steam was supposed to travel through a series of tubes...

Try putting a pressure gauge and valve just upstream from your router: if the Steam pressure goes up too much, you can close the valve. Easy peasy!

PS Get a whistle, too: your router will sound like an old train.

Re:

[Autumnmist (80543)]

Oh crap is THAT what it is? Mine ends up unresponsive on wireless even though it's still issuing IPs (no packets getting through though).

Re:

[darkmeridian (119044)]

Do you think a new firmware issued by OSS source code hackers can address the problem? I mean, Verizon should be jumping on this possibility of reducing costs.

Re:

[sumdumass (711423)]

Are you sure? Because if that is true, then Action tech could be the one responsible for the GPLed code.

A quick search of their site seems to indicate that they have a download [actiontec.com] for it.

Now, Verizon could be protected from having to distribute the code by either of two ways that I can think of. The first might be in that they don't actually sell it but lease it and keep control of it. This sounds like something Verizon might do but I have replaces My ADSL2+ modem after their got hit by lightning. Their tech s

Re:

[sumdumass (711423)]

I just read the filing. Evidently, the fact of the router is secondary. They posted a link to the firmware for the product and the complaint references that. http://www2.verizon.net/micro/actiontec/actiontec.asp [verizon.net]

I was surprised too. I though verizon might be covered by the right of first sale. But unless they are redirecting the firmware from the ActionTech site, they are probably in violation.

I have this router

[EMIce (30092)]

They are handing it out these Actiontec routers with fiber optic service. It has a coaxial port which is WAN/LAN port (different frequencies for each), WAN ethernet port, and a few LAN ethernet ports. The coaxial LAN and cat5 LAN are bridged.

The TV set top boxes get IP addresses on the LAN via their coaxial connections. So these Verizon controlled boxes actually sit on my LAN in the same subnet as my PCs. They start at 192.168.1.100 while the PCs start at 192.168.1.2. Well I pinged then port scanned these Motorola set top boxes, and at least the HDTV DVR model of the box had it's VxWorks debug port left open. Interesting...

With the right tools I could imagine full access to the drive and the running software. So what does it take to work with this VxWorks debug port?

Some people may want to copy recordings out or enable the USB/Firewire to allow more than the 80GB internal storage included, but I am more curious if this untrusted box is doing anything I don't want on my home network. Few have the special equipment to tap these MOCA (multi-media over coax) wires between the router and the STBs, so this debug port might be a good way to check.

Uh-oh...

[idontgno (624372)]

I wonder if Verizon is the right place to be looking for the source code?

If the "infringing product" is, indeed, the Actiontec MI424WR, wouldn't the correct place to look be the manufacturer of the hardware and integrator of the firmware, Actiontec?

Looking on Actiontec's "Support: Open Source" website (http://opensource.actiontec.com/index.html [actiontec.com]), I see the following:

GPL Code Download is available for the following Actiontec products: Wireless Broadband Router Model MI424WR

The following is the portion of the Actiontec source code for the MI424WR Products.

List of modules:

busybox-0.50
Release Date Filename
11/27/2007 actiontec_opensrc_mi424wr.tar.gz

Hmmm... looks like Actiontec is at least attempting to honor the license. I haven't researched what's in the tarball, but at least it's there.

So, again, why is SFLC suing Verizon? I'm sure Verizon would argue that (A) they're just retailing and installing off-the-shelf hardware, and (B) any license liability is the hardware manufacturer's.

BTW: to the 4 anonymous cowards that I upmodded earlier in this article, sorry you lost my moderation bump. I hate wasting modpoints, but this seemed relevant and important.

Verizon is distributing the software

[Chirs (87576)]

They're suing Verizon because Verizon is distributing the hardware boxes (and thus the embedded software).

Verizon could then turn around and sue the hardware manufacturer as well, but they themselves are still liable under coypright law.

Also, the GPL is quite clear as to when you are allowed to post a link to a website, and when you have to ship the actual source with the product.

Re:

[idontgno (624372)]

They're suing Verizon because Verizon is distributing the hardware boxes (and thus the embedded software).
Verizon could then turn around and sue the hardware manufacturer as well, but they themselves are still liable under coypright law.

I'm not sure if I buy that. At least, I don't think it's that simple. If I sell hardware with GPL firmware, and I don't do firmware support myself, I can't imagine that simply retailing the hardware incurs any kind of source code requirement.

I'm not considering whether Ve

Re:

[bug1 (96678)]

"You think that every reseller of an integrated hardware/software system (or hardware/firmware) has to be licensed to "distribute" the software (firmware) component?"

So if load up a PC with a copy of windows i bought in a back alley in china for $1 and "resell" the hardware/software in the US then im legally in the clear, and its only the guy in china that can get in trouble ?

Copyright laws dont just magically disappear just because one commercial transaction has taken place.

Perhaps your confused as a lot o

Re:

[mr_matticus (928346)]

So if load up a PC with a copy of windows i bought in a back alley in china for $1 and "resell" the hardware/software in the US then im legally in the clear

With regard to the resale, yes.

The trouble is that you purchased illicit goods knowing them to be of questionable origin (strike one, bad faith), installed unlicensed software (strike two, copyright infringement), aren't licensed to do business with China (strike three, multiple no-nos [tax, commercial code, etc.]), and misrepresented what you're selling as legitimate (strike four, fraud). You'll get busted for any number of things. Resale of goods purchased in good faith would not be one of them.

Now, ha

Re:

[bug1 (96678)]

"Pfft. Which part of "integrated" didn't you understand?"

The part that means "get out of jail free"

Re:

[sumdumass (711423)]

Reselling your Ipod is covered by the right of first sale doctrine. Verizon could be covered too.

Also, the configuration pages that Verizon probably did change to display their logo might not be any different then a webpage running on an GPLed webserver. It probably shouldn't kick in the GPL. And if it did, all verizon would have to do it provide access to the logo's image.

This entire thing is extremely complexed and there is little to no information in the article. I would like to see the actual filings to

Re:Uh-oh...

[strredwolf (532)]

Verizon modded the firmware to at least display the Verizon logo on the router's admin pages. They usually supply the modded firmware themselves, so it's not Actiontec who's at fault (they are in GPL compliance). It's Verizon (with the modded firmware).

Re:

[idontgno (624372)]

Now that's the answer which makes the most sense. If it's not stock firmware, and the altered firmware is in the scope of the original open source (i.e., not just simple aggregation), then yes, Verizon is obligated to honor source redistribution requirements.

But remember: not everything in the firmware image is necessarily open source. (Again, the "simple aggregation" criterion.) Therefore, not everything would trigger an obligation to share source.

TFA is a fine piece of press-releasemanship, but awfully li

Re:Uh-oh...

[mctk (840035)]

Seeing as you just gave us your opinion for free, I must point out that you don't fake it very well.

Re:

[markov_chain (202465)]

It doesn't matter if they modified the firmware, as long as they didn't modify BusyBox. I guess they must have detected some changes in the binary and went after Verizon.

Competition

[RAMMS+EIN (578166)]

Soon, the *AA will be forced to deal with a strange new concept...competition.

Soon, they will find that they are not the only ones prosecuting copyright violators...

Soon, they will be struggling to keep ahead of the organizations that prosecute GPL violations! ... and yes, these organizations _will_ take on the *AA, and there _will_ be a film at 11!

Re:Infringed on the GPL?

[by Anonymous Coward]

Well, given that they are using the code one must assume that they have accepted the GPL or they would have no rights to it at all, so the failure to release source can be seen as a failure to comply with the license. They can of course argue that they never accepted the GPL at which point it's a plain copyright violation.

They don't really have to bundle the code with the units though. Just hand it over on request from a user. The article wasn't to clear on that. But I expect SFLC tried to ask them for it before it came to this.

Re:

[sumdumass (711423)]

Well, Version could have never accepted the GPL and the manufacturer which could be someone different could have.

In that case, I would think that Verizon is somewhat protected by the right of first sale and the fact that acceptance isn't necessary for use. It could be that the original manufacturer is the one responsible to the source code.

Re:

[msuarezalvarez (667058)]

Please, read the GPL or one of the five zillion FAQs about it out there---the one one the gnu site might be a great starting point---before commenting...

Do not be the noise: be the signal.

Re:

[vux984 (928602)]

The GP is wrong because he apparently assumes that if you take gpl code, put it in a box unmodified, that you can sell it without including the offer to provide source.

That is in clear direct violation of the GPL.

If you were to even just download a common oss app like Azureus and tossed it up on your own website for other people to download you are responsible for making the source code available.

As an aside, I'm suddenly curious how and if this impacts on p2p. Would someone downloading a torrent be technic

Re:

[msuarezalvarez (667058)]

You probably has a transmission error while getting the copy of the GPL you read, since it apparently was missing section 6...

As for your last sentence: see http://www.gnu.org/licenses/gpl-faq.html#SourceAndBinaryOnDifferentSites [gnu.org].

Re:

[sqlrob (173498)]

Like when TimeLine threatened SQL Server users? Sounds real safe.

What is the point of trolling like that?

[DRAGONWEEZEL (125809)]

I never did understand what "thrill" people get from doing this. Do you have some valid knowledge? A point? Come on, next you'll be bitching about my english.

P.S. I went to publick skewl and i right ok.

Re:Business World Fleeing The Viral GPL

[DaleGlass (1068434)]

Oh, bullshit.

You claim that Verizon, a huge company, which probably employs quite a few lawyers is unaware about the terms under which the code is distributed? Here's a hint: Every piece of software comes with a license. There are much nastier things out there than the GPL, and it'd be outright stupid for a large company to use anything without having a lawyer through the terms.

Now, if this makes them stop using GPL code, that's a perfectly good thing. I for one write GPL code for very good reasons and prefer it not to be used to infringement.

Re:

[laffer1 (701823)]

Why do you assume the lawyers are looking at everything the programmers or whoever they outsource to is doing? Maybe verizon contracted it to a consulting firm in the US or elsewhere and didn't bother to look at the license?

I can think of a lot of things Verizon's lawyers might be doing including dealing with RIAA lawsuits against their customers. Big companies don't always think. If lawyers checked everything, we would never see patent lawsuits either. Think about it.

Re:

[DaleGlass (1068434)]

Why do you assume the lawyers are looking at everything the programmers or whoever they outsource to is doing? Maybe verizon contracted it to a consulting firm in the US or elsewhere and didn't bother to look at the license?

Because the potential consequences can be quite horrible? Infringe on the copyright of somebody like Microsoft or IBM, and things can get very unpleasant, fast. There are many companies with nasty terms out there. Some for example specify you give the company permission to run an audit o

Re:How did they infringe?

[Rene S. Hollan (1943)]

That exemption is only available for non-commercial distribution.

Re:

[roscivs (923777)]

That exemption is only available for non-commercial distribution.

Wow, that is ridiculously wrong. At least if we're talking about GPLv2, there's no difference between commercial and non-commercial distribution.

The fact of the matter is that if you're distributing GPL'd code in a manner that would violate copyright if no license were given (e.g. copying it), then you must distribute the source code (either directly or via a written offer).

Of course, if you're not distributing GPL'd code in a manner that woul

Re:

[Ash-Fox (726320)]

My router is from German "T-Com" and doesn't come with source code for the firmware or any notice about GPL code packaged.

Not including the license is infringement - but many of these cases tend to be the company forgot to package it (programmers aren't the ones doing the marketing material - a honest mistake, usually informing them is enough to get it fixed..).

So, my question: Doesn't that count as an infringement too?

Request the company for the source code, and if they don't provide it, then it is infring