'Open Source Security' Loses in Court, Must Pay $259,900 To Bruce Perens (theregister.co.uk) 141
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes:
The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.
Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.
Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.
A Message From Bruce Perens (Score:5, Informative)
I am very lucky to have my attorneys from the Electronic Frontier Foundation, and my attorneys from O'Melveny and Meyers who won the lower court case and will continue to help EFF during the appeal.
My attorneys have requested that I not comment about the case at this time. Obviously, I'd love to discuss it with you sometime, when it's all over.
Valerie, Stanley and I are doing well and send you our best wishes.
Thanks
Bruce
Re: (Score:2)
I hope there's enough left over after legal fees for yourself.
We met at the Linux Expo in 1998, and I enjoyed meeting you.
Re: (Score:3)
. Yes, they have to pay, however they can't cease retirement account funds and certain other assets.
Cannot seize or attach certain retirement accounts directly BECAUSE the legal owner is the employer or an irrevocable trust.
However, All retirement accounts are designed to payout to their owner (eventually). If they remain in default of payments to satisfy a judgement --- the very instant that retirement account pays out funds to the party, whether immediately or years down the road, the court can a
Re: (Score:2)
sad that we have any court battle in the OSS world.
However, congrats.
And yes, follow your lawyer. Do not trump this.
Re:A Message From Bruce Perens (Score:5, Insightful)
For some of you to rip into him, is just sad.
Seriously, it is long past time to make the code so as to lower the trolls. Make it so that unless we are moderating, that we can skip ACs below a certain point. Hey, if a moderator brings them up to say 2 or 3, I will want to see them. OTHERWISE, why bother. I get sick of reading so many lies and crap from the trolls.
Re: (Score:2)
I know I get sick of reading them.
Re: (Score:2)
Seriously, it is long past time to make the code so as to lower the trolls. Make it so that unless we are moderating, that we can skip ACs below a certain point. Hey, if a moderator brings them up to say 2 or 3, I will want to see them. OTHERWISE, why bother. I get sick of reading so many lies and crap from the trolls.
Don't know what you're talking about, I see no trolls here. The sliders set at their default level pretty much hide ACs as it is.
Re: (Score:2)
There is an account setting where you can assign values to comments based on various things such as who sent the message, what kind of moderation it has received, etc. Just set Anonymous Coward to -2 and your wishes will come true. :)
Re: (Score:2)
Re: (Score:1)
Hi Bruce,
I'm pleased that this has gone your way.
All the best,
Roger
Re: (Score:2)
Re: (Score:2, Insightful)
"I am very lucky to have my attorneys from the Electronic Frontier Foundation"
Yes you are, considering they're just publicity whores like the ACLU.
You only got them on your side because of your name. Many others that could've used them are rotting away in prison because they're not 'high profile enough.'
Maybe you should draw some attention to that fact while you've got the publicity.
Re: (Score:2)
Thanks for doing this, Bruce. I know it's not just "taking one for the team" but If you establish a precedent here it will provide lasting benefit for discourse within the community and beyond.
Re: (Score:2)
On a lighter note, I giggled a little when I saw my UID was lower then yours. :-P Congrats and good luck with the remainder of case tho! :-P
Re: A Message From Bruce Perens (Score:5, Informative)
that his lawyers worked for about 900 hours and were paid for about 450 of them, at fair rates for lawyers.
Re: (Score:3, Interesting)
Re: (Score:3)
There is a common-use desktop in the living room. The family members don't generally think of each other as security threats. :-)
Re: A Message From Bruce Perens (Score:5, Funny)
The family members don't generally think of each other as security threats. :-)
One thing I've learnt from having a sister and a mother, family are the WORST security threats :-)
All the best with the rest of the proceedings.
Re: WTF? (Score:2)
Re:GR Security now judged illegal? (Score:5, Insightful)
"Bruce Perens defamed the plaintiffs" and "the plaintiffs violated copyright law" is not a true dichotomy. Zero, one, or both statements could be true in the abstract. This court case only resolved the first question.
Re: (Score:2)
No. A court just ruled that Perens did not defamate GR Security by claiming that their patchset may violate the GPL. Full stop. This was not a copyright case.
Re: (Score:2)
If I understand correctly, Bruce has been claiming that GR security isn't following the licenses - in other words is breaking the law
No. GR Security wasn't following the GPLv2 license stipulations and could be in violation of the license. The GPL isn't codified into law. And the phrasing that Perens used was "could be".
Loss of this court case could then be effectively seen as a court judgement that GR Security's patches are illegal. Has anyone read the court judgement in enough detail and with enough understanding to confirm that?
No, GR Security patches are not illegal because the GPLv2 isn't law. The patches may be in non-compliance with GPLv2 though.
Re:GR Security now judged illegal? (Score:4, Informative)
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The GPL doesn't have to be "codified into law", because nothing else gives you permission to distribute the code in question. The only purpose of the GPL, really, is to provide people with a defense against infringement charges by the copyright holders. And technically, it contains no restrictions at all--it simply has limits on the otherwise-illegal things allows you to do. Anything copyright law allows, the GPL allows. So the only way to "violate the GPL" is to do something against the law.
That said, we still have no idea whether GR Security is violating the GPL (and thus copyright law). All we really know is that Bruce is entitled to his opinion.
Re: (Score:3)
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The problem is that using the term "illegal" which has very specific legal and judicial meaning. In terms of GPL and copyright, it's a violation of the license and a breach of contract. When we talk about copyright legal terms like "theft" and "illegal" keep being thrown around when they are not precisely used. As an example, if I have an agreement with a consignment store to sell some items for 35% but after selling my items they only give me 25%. Did the consignment store "steal" my property? No, there ma
Re: GR Security now judged illegal? (Score:2)
If you violate the GPL you have no right to distribute. Distributing anyway is against copyright law. Thus, if you distribute while not adhering to GPL what you are doing is against the law.
No, if you violate the GPL, you violate the GPL. You do not necessarily violate copyright. You are equating the two as the same and they are not. GPL is an extension of copyright. A truck is an automobile; not all automobiles are trucks.
GPL does not stipulate restrictions.
Yes it does. Either you don't understand the GPL or you are lying. Specifically, you may modify the source code but you must publish your modifications if you re-distribute.
Yes it does. Specifically you must publish and maintain copyright notices.
Both stipulate under what conditions you are allowed to distribute, something you otherwise would not be allowed to do at all.
Dude, you have to be more precise in your words. You just said above that neither stipulate restrictions then you say that they do stipulate restrictions. Second, distribution rights are always with permission of the copyright holder and the whole point of this conversation is about granting permission.
Neither stipulates restrictions on something you would have been allowed to do. Both stipulate a *removal* on restrictions to distribute.
Again, be clear on your use of words.
If someone acts beyond the freedoms granted by GPL or BSD, their acts then - by definition - violate copyright law, because the acts occur without the freedoms the licences would otherwise have provided.
Again, no. A truck is an automobile. An automobile is not necessarily a truck. A violation of the GPL does not necessarily violate copyright. A violation of copyright will definitely violate the GPL.
Re: (Score:2)
No, if you violate the GPL, you violate the GPL. You do not necessarily violate copyright.
The GPL says that you do not have to accept its terms, and can simply abide by normal copyright rules instead. So, unless you're doing something that would otherwise violate copyright, it doesn't even apply. And you can't violate the GPL when it doesn't even apply!
So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating cop
Re: (Score:2)
So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating copyright law.
Again, a truck is an automobile. An automobile is not always a truck. If you violate the GPL you may not be violating copyright. You are violating an enforceable contract. See ARTIFEX SOFTWARE, INC v. HANCOM, INC.
Re: (Score:2)
It doesn't matter that it's a contract. You still can't violate the GPL without violating copyright, because you can't agree to the GPL except by engaging in behavior (distribution) which would be a copyright violation if not for the GPL. If you haven't distributed the code, you're not bound by the contract. If you have, and you violate the GPL, then you've also violated copyright, because you distributed the code without a valid contract/license. There are no other possibilities with the GPL (even if there
Re: (Score:2)
It doesn't matter that it's a contract.
Let me see if I understand you: You claim it doesn't matter that it's not a contract. Here's why you don't get it. If a violation of the GPL is a violation of copyright, the courts would NEVER have to rule whether or not the GPL is an enforceable contract. They would have ruled that it was a violation of copyright. Period. The fact that they didn't rule that GPL is an enforceable contract means that it is not necessarily true that a violation of the GPL is a violation of copyright.
Not all automobiles are trucks, but all automobiles which are trucks are trucks, and all violations of the GPL are copyright infringements, because the GPL doesn't apply to any not-potentially-infringing activities.
Your failing premise first
Re: (Score:2)
A single action can be the subject of multiple charges. In this case, Artifex decided to sue for both copyright infringement and breach of contract for the same action--distributing a derived version of their software. Why? 1. it's considered good practice to throw all the charges you can in court, in case some of them don't stick. 2. It can result in a bigger judgment/more money to win on multiple charges.
And no, the courts wouldn't have dismissed the claim just because it was also a copyright violation. T
Re: GR Security now judged illegal? (Score:2)
Second by your logic a violation of the GPL is a violation of copyright. If your logic is true then ALL of Artifex's claims fall under copyright violation claims. There would be no breach of contract to dispute and the judge would have dismissed those claims. Do you see how your point doesn't make any sense?
Re: GR Security now judged illegal? (Score:2)
Re: (Score:2)
No one in this thread (neither me nor anyone else) has claimed that "the GPL is copyright"--your reasoning here is pure strawman--but that doesn't change the fact that all possible violations of the GPL are also copyright violations. In the eyes of the law, this is purely a coincidence (even though the GPL was carefully written to ensure that this would be the case). Thus, the violation of copyright and the breach of contract are separate matters to be judged separately.
The GPL explicitly allows anything co
Re: (Score:2)
No one in this thread (neither me nor anyone else) has claimed that "the GPL is copyright"--your reasoning here is pure strawman--but that doesn't change the fact that all possible violations of the GPL are also copyright violations. In the eyes of the law, this is purely a coincidence (even though the GPL was carefully written to ensure that this would be the case).
NOWHERE in this thread have you used the term "possible". Instead you said this: "If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked."
And this: "So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating copyright law."
And this: "
Re: (Score:2)
Oh, for Pete's sake, quit flailing at your strawman. Nobody claimed GPL = copyright, just that you can't violate GPL without infringing copyright.
He clearly did so: "So that only leaves cases where 1. you're violating what copyright law would allow, but following the GPL (which is fine) or 2. violating what copyright law would allow and violating the GPL. Thus, if you're violating the GPL, you're violating copyright law." Scroll up. Want to retract your statement?
Re: (Score:2)
We've been arguing generalities, but please give a SPECIFIC example of something you can do that violates GPL but does not violate copyright.
The person making the claim must provide the evidence. What you're saying is that I must provide a negative example which can be impossible. I did however link to an actual court case that cites that the GPL is an enforceable contract.
Re: (Score:2)
Re: GR Security now judged illegal? (Score:2)
Re: (Score:2)
Re: (Score:2)
All it does is conditionally grant some rights that by default go to the author. If you violate the terms, you have no permissions to the work under copyright law.
The only way to violate the license is to distribute against the terms, which is illegal because your conditional permissions have been revoked. If you don't distribute, then there is nothing to legally bind you. That is why violating the GPL is necessarily and
Re: (Score:2)
All it does is conditionally grant some rights that by default go to the author. If you violate the terms, you have no permissions to the work under copyright law.
No part of US Copyright Law determines HOW an owner can grant distribution rights. It only says that owners have permission. No part of it determines what constitutes a violation of permission. Please cite anywhere in 17 USC 117 [cornell.edu] where it says this.
The only way to violate the license is to distribute against the terms, which is illegal because your conditional permissions have been revoked. If you don't distribute, then there is nothing to legally bind you. That is why violating the GPL is necessarily and sufficienty a copyright violation.
Again a truck is an automobile. An automobile is not always a truck.
No, it is not, although it has been contested.
Are you arguing that the GPL isn't a contract? Because Bruce Perens (the same person in this article) says otherwise [perens.com]: "What’s made news recently is that the court found that the GPL was an e
Re: (Score:2)
It doesn't need to specify how you grant permission. It's up to the defendant in an infringement case to demonstrate that they had permission to copy/distribute. In a case of GPL violation, all they have to point to is the terms of the license which, if they did not respect, means they do not have any rights to the work by default under law. How can you not get this?
Again, the GPL is a LICENSE. The GPL is not codified into law; therefore a breach of the license does not necessarily mean a breach of copyright. See MDY vs Blizzard [wikipedia.org].
Uh, I don't know how you get from that Bruce saying GPL is a contract. He's saying the courts said GPL is a contract.
Let me see if I understand you: You said the GPL isn't a contract. I pointed out that Perens said it is and you're now arguing that technically the courts said it was a contract. Doesn't that still make you just wrong that in fact, the GPL is a contract?
Anyway, the court did not issue any kind of ruling that the GPL is a contract in that case. All they did is say that, in that specific instance, the claims could proceed under contract law. Hardly a ruling for the ages.
Did you not just argue that it wasn't contested? I've pointed out that it has been contested
Re: (Score:2)
Half of Legal Fees (Score:4, Interesting)
According to TFA, the $260k was awarded due to California's anti-SLAPP law. However, this is half of what Perens asked for to cover legal fees. I'm really wondering why he chose to spend over $500k on lawyers, for a defamation and business interference case. Surely the default judgement wouldn't even be that much money? Posting a comment to slashdot leads to half a million dollars in legal fees for the poster? Doesn't anyone else see this as insane? Imagine how many slashdotters would be bankrupted daily by various posts about Theranos, Microsoft, Systemd, Yahoo, Google, or various government officials, if robo-lawyers automatically filed charges for every arguably-defamatory post about them, leading to $500k legal fees each.
Re: (Score:2)
Why do you think Perens paid that much? EFF certainly paid some (I have no idea what fraction), and his other lawyers might have worked on a contingency basis, having faith that courts would get this right.
Re: (Score:2)
Spender must have mental illness to think that writing some posts questioning the legality of some random piece of software is defamation... He was in over his head when trying to go up against one of the most popular people in open source software movement.
Re: (Score:1)
So he should have rolled over even though he was right b/c it was cheaper. Ever wonder why patent trolling works????? People like you.
Re: (Score:2)
various posts about Theranos, Microsoft, Systemd, Yahoo, Google
Is it possible to defame a corporation (or in the case of systemd, a piece of software) at all?
Re: (Score:1)
Yes. Legally it's no different from defaming an actual person.
I think that's the point (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
In the US, at least, a lawyer (robo- or otherwise) cannot sue on your behalf without permission from you. So you can't be bankrupted by these evil robo-lawyers unless you agree to pursue the suit. In which case, you probably deserve to be bankrupt.
Re: (Score:2)
I mean Microsoft or whoever could have software that crawls the web, parses posts to find ones that seemingly meet the legal definition of defamation (where Microsoft is the target), and then files a suit for each one.
And then the people on the receiving end of these suits get bankrupted by the legal fees of their human lawyers and/or the judgement/settlement.
Re: (Score:2)
Probably because deterrence, on general principles. It's far less insane for Bruce to do this than nearly anyone else (given his prominence, and his Rolodex, he might have had some support footing this bill, too). Plus for $500k, you want to run the deterrence (it can bite back) up the largest available flag pole, and with the most credibility.
Plus I'm pretty sure you missed the essential circul
Re: (Score:2)
Doesn't anyone else see this as insane?
Americans either enjoy this crazy legal system or feel powerless to change it. None of these matches any theories of a benevolent government.
Ahh the olden days... (Score:2, Interesting)
My, I should have gotten an account like a year before I did... I remember when Rob told me about /. on #Linux96 and so I was like, ok sure I'll check it out... then it became Slashdot... and finally I was like, damn, perhaps I should have an account. I could have had a cool reader #. :( Maybe even in the double digits lol.
Ok, yeah this comment adds exactly zero to the conversation. Sorry.
I do want to say I remember when Bruce and Eric were coming out of the office after they were having meetings about
Re: (Score:1)
Re: (Score:2)
Ha, I remember thinking roughly the same thing. It took me a while before I finally made an account. Looks like there are still a number of us old dinosaurs kicking around. I was one of the high school script kiddies that hung around in the enlightenment channel running bitchx back in the 90s. Back when Rob was still best known for his afterstep plugins. Caught the tail end of the wave but never quite felt like I was riding it like some of the other folks that were already in college and working on int
uhh (Score:2)
3872? Punk kid needs to get off my lawn. :)
Re: (Score:2)
#3706? Pfft. Someone else has some lawn-getting-off-of to do.
Re:uhh (Score:4, Funny)
Now children. Behave yourselves. :p ;)
Re: (Score:1)
Get! Off! My! Lawn!
grsecurity (Score:2, Insightful)
I think grsecurity is a great set of patches to the linux kernel, most of which were originally provided by others and integrated into his combo-patch set. I think it was better when he offered it for free and only charged commercial users. It would be like linus all of sudden start making linux a pay-only piece of software. Most people would be turned off or have a bad taste in their mouths. He should realize that these patches, things like untrusted path execution, /proc restrictions and so on, althou
Re: (Score:2, Insightful)
The idiotic drama surrounding Linux "security" shows a large area for improvement that few have cared about during the lifetime of Linux. OpenBSD, MINIX, seL4 and others are very successful for pursuing security without drama, due to security being a clear goal that is designed for.
Re:grsecurity (Score:5, Informative)
Re: (Score:3)
Not defamation, but still a bad policy (Score:5, Interesting)
Just to get this out of the way, while I disagree strongly with Bruce about the merits of his claim, I do not in any way support the defamation claim against him for saying it. A differing view is not the same as a defamatory statement.
That said, the idea that a set of modifications to a copyright product, distributed separately, constitutes a derivative work is terrible policy and is philosophically counter to the 'freedom to tinker' that the tech community holds dear. I don't know if it is is the law right now (and absent. a very expensive test case, we aren't likely to find out), but just as a matter of policy I think it would be a Very Bad Ideaâ.
Consider, for instance, a student or researcher that patches the software in a commercial digital microscope to improve image quality or performance in a fashion. Let's further suppose they release the patch under some F/OSS license both to benefit other users of the product but also as part of disclosing their methods for the purpose of scientific integrity and reproducibility. It's undisputed that the company selling the microscope retains copyright. in the original software, but under Perens' claim they also have rights to the patch as a derivative work.
To me, this cannot be right. A modification to a work, distributed separately, is not derivative. It is not a copy with some changes, it is just the changes. To say that one violates copyright without distributing a single bit of the underlying work inflates the power of rights holders at the expense of everyone else, in a regime that's already quite solicitous of the rights holders.
[ Of course, GRSecurity are not the greatest poster boys for this claim. But bad examples should not make bad policy. The claim here is a one that has broad implications beyond the individual lawsuit-happy jerks involved this time. ]
Re: (Score:1)
I think what Bruce is saying is that if the original software is distributed under GPL the modifications must be distributed under something that is compatible with the GPL and that any statements added to the license cannot take away rights to redistribution guaranteed under the GPL. I.e a modification based on GPL published source has to be GPL compatible.
Re: (Score:2)
There is no way to limit this to the GPL (or F/OSS licenses generally). If his claim is a correct. statement of law, then modifications of a copyright work are derivative works irrespective of whether they derive from a GPL original or a proprietary original.
There's no special law over just the GPL -- if GRSec (or nVidia!) create a derivative work by distributing a patch or
Re: (Score:2)
That said, the idea that a set of modifications to a copyright product, distributed separately, constitutes a derivative work is terrible policy and is philosophically counter to the 'freedom to tinker' that the tech community holds dear.
I have always felt that it was a bit of an overreach too. Kind of like how EULAs overreach. *sigh* So many greedy and selfish people on all sides. It also annoys me that they think linking is a copyright issue too. No, you are using an API. Just because my code can talk to your code, that does not give you any right to my code.
for great justice! (Score:2)
Spengler: You have no chance to survive. Make your time!
Judge: Yawn. lolwhat? omgwtfbbq. Next case!
Love grsec, but Spengler is such a prick.
Re: (Score:2)
Spengler is such a prick.
How can you say such a thing about the lead scientist of Ghostbusters?
Good job Bruce and crew. (Score:2)
Was pretty confident that the suit would fail, too bad it takes $500k to make the court see common sense.