November 21, 2024

Does Sony's Copy Protection Infringe Copyrights?

The Sony copy protection debacle has so many angles that the mainstream press is having trouble keeping track of them all. The rootkit. The spyware. The other spyware. The big security hole. The other big security hole. It’s not surprising, then, that at least one important angle has gone nearly undiscussed in the mainstream press: the likelihood that the Sony/First4Internet XCP copy protection software itself infringes several copyrights. (Note to geeks: Slashdot doesn’t qualify as the mainstream press.)

Matti Nikki (a.k.a. Muzzy) and Sebastian Porst have done great work unearthing evidence pointing to infringement. They claim that the code file ECDPlayerControl.ocx, which ships as part of XCP, contains code from several copyrighted programs, including LAME, id3lib, mpglib, mpg123, FAAC, and most amusingly, DVD-Jon’s DRMS.

These are all open source programs. And of course open source is not the same as public domain. Open source programs are distributed with license agreements. If you copy and redistribute such a program, you’re a copyright infringer, unless you’re complying with the terms of the program’s license. The licenses in question are the Free Software Foundation’s GPL for mpg123 and DRMS, and the LGPL for the other programs. The terms of the GPL would require the companies to distribute the source code of XCP, which they’re certainly not doing. The LGPL requires less, but it still requires the companies to distribute things such as the object code of the relevant module without the LGPL-protected code, which the companies are not doing. So if they’re shipping code from these libraries, they’re infringing copyrights.

How strong is the evidence of infringement? For some of the allegedly copied programs, the evidence is very strong indeed. Consider this string of characters that appears in the XCP code:

FAAC – Freeware Advanced Audio Coder (http://www.audiocoding.com/). Copyright (C) 1999,2000,2001 Menno Bakker.

Porst also reports finding many blocks of code that appear to have come from FAAC. Porst claims equally strong evidence of copying from mpglib, LAME, and id3lib. This evidence looks very convincing.

He also points to evidence of copying from DRMS, which doesn’t look quite as strong, though it is very suggestive. (There are extensive similarities between DRMS and the XCP code, but because DRMS implements a decryption algorithm that offers fewer implementation choices than ordinary code does, it’s easier to imagine that similarities might have arisen by chance. I would have to study the two programs in more detail to say more. But let me reiterate that the DRMS evidence is at least very suggestive.)

The upshot of all this is that it appears the authors of at least some of these programs can sue First4Internet and Sony for copyright infringement. First4Internet wrote the allegedly infringing software and gave it to Sony, and Sony distributed the software to the public. Sony might not have known that the code they were shipping infringed, but according to copyright lawyers, there is strict liability for copyright infringement, meaning that lack of knowledge is not a defense against liability. (Lack of knowledge might reduce the damages.) So both companies could face suits.

The big question now, I suppose, is whether any of the copyright holders will sue. The developers of LAME wrote an open letter to Sony, saying that they’re not the suing type but they expect Sony to resolve the situation responsibly. They don’t say exactly what this means, but I expect they would be happy if Sony recalls the affected CDs (which it is already doing) and doesn’t ship XCP anymore. To my knowledge, we haven’t heard from the other copyright owners.

Being accused of infringement must be horribly embarrassing for Sony, given the number of ordinary people it has sued for infringing on a much smaller scale that Sony is accused of doing, and given that the whole purpose of this software was supposedly to reduce infringement. This is just another part of the lesson that Sony must have learned by now – and that other entertainment companies would be wise to learn – that it’s a bad idea to ship software if you haven’t thought very, very carefully about how it was designed and what your customers will think of it.

Comments

  1. Edward Kuns says

    Kikkoman,

    I apologize for the “serious misunderstandings” content of my remarks. In my talking about ownership above, I was talking primarily about software purchased at a consumer mass-market retail store. When it comes to GPL software that you don’t purchase in the same way, I see your point about owner vs licensee.

    I will note that the GPL expressedly states in section 0:

    The act of running the Program is not restricted

    This says that you do not need the copyright holder’s permission to use a GPL program. We know from above that you do not need a copyright holder’s permission to use software that you have purchased. This tells me that if you are in legal possession of software, that you do not require anyone’s permission to run it.

  2. Edward,

    If you are going to accuse me of “serious misunderstandings” about intellectual property law, please read ALL of my posts above about the debate regarding a “sale” (where you are an “owner”) versus a “license” (where you are a “licensee”) and Section 117 and how it relates to this whole thing. I will be happy to provide you authority for that as well. I don’t appreciate being accused of having “serious misunderstandings” about the law. I won’t accuse you of the same.

    I am not sure (and neither should you be) that the people behind the GPL are alleging that you are the “owner” of the the copy of software rather than simply a “licensee” of a copy. There could be unintended consequences behind this and I haven’t thought it all through (first sale doctrine consequences). Again, I have stated this in a prior post above.

  3. Edward Kuns says

    Did you read the link you provided above? 🙂 It states that if you are the OWNER of the software, you do not need the copyright holder’s permission to use the software. The case you state above involves someone NOT the owner of the software making use of the software.

    To quote from the link above:

    The court found that [snip] section 117 allows copies to utilize the software to be made without permission of the copyright holder by the ‘owner’ of the copy of software.

    That explicitly says that if you bought a piece of software, thus being the owner of that copy of said software, that you do not need additional permission from the copyright holder to use this software.

  4. Edward,

    Your point about temporary copies is a good one and there has been debate about this by scholars.

    As US law stands today, however, you are wrong. “‘The loading of copyrighted computer software from a permanent storage device (hard disk, floppy disk, or read only memory) into the memory of a central processing unit (‘CPU’) causes a copy to be made. In the absence of ownership of the copright or express permission by license, such acts constitute copyright infringement.” This is from the MAI Systems Corp. v Peak Computer, Inc. case and I will again (as I did above) provide the link:

    http://en.wikipedia.org/wiki/MAI_Systems_Corp._v._Peak_Computer%2C_Inc.

    You can also peruse Chapter 2, Section C (“Exclusive Rights in Computer Programs”), Section 1 (The Right to Make “Copies”) of the book entitled “Software and Internet Law” by Mark Lemley, Peter Menell, Robert Merges and Pamela Samuelson if you need further details about the law.

    If you have other cases or treatises to back up your statement, please let me know.

  5. Kikkoman,

    I believe you have some serious misunderstandings about copyright law, and are mixing up copyright and patent and other (so called) intellectual property concepts.

    You say that you need the copyright holder’s permission to use software. This is not true at all, as long as you received your copy of the software through legal means. The law explicitly states that if you have acquired software legally, then you have the legal right to “make a copy” in the computer’s memory as required to use the software. You do not get this right from the copyright holder. You already have it.

    This is why the copyright holder does not, in fact, have the legal ability to add restrictions on use in the way that you suggest, and this is why the GPL is not a contract, but is instead a license.

    Only the act of distributing software counts as “making copies” as copyright law sees it. While using software technically speaking requires making a copy, it does not require making a copy as copyright law sees it. (A simplificiation, but…) Similiarly, you could suggest that reading a book requires making a temporary copy of the page you are reading in your brain. If you could not do this, you coiuld not read the book. But no-one would suggest (I hope) that just because you have to make this mental copy of a page to read it that this means that the book copyright holders can add additional terms just because they say so.

  6. Anthony:

    While it is true that non-U.S. authors do not need prior registration to bring suit under the Copyright Act (see Section 411), they still need to have registered their work prior to the infringement or within three months of first publication to be eligible for statutory damages and attorney’s fees (see Section 412). This may be technically inconsistent with the Berne Convention, but Berne is not self-executing, and this discrepancy has not been reversed by any U.S. court.

  7. But Jesse, the law protects even fools. Why treat granting the right to mak copies (for use), distribution and derivative works differently? They are all copyright rights.

    Why shouldn’t we “alert,” using your term, the downloader about distribution and derivative works in the same manner as use? They all require permission from the copyright owner. GPL source code is downloaded as much for creating derivative works of it as it is for mere use.

    You shouldn’t need to *find* or *look for* the terms of the GPL. It should be there in front of you before you download the software so you know exactly what you are getting yourself into in the event you (1) “use” the software – which, as discussed, requires the copyright owner’s permission and therefore allows him to impose obligations on you if he desires (the GPL grants you broad rights here and no obligations, commercial EULAs grant you rights to use as well, but imposes the obligation that you pay money), (2) distribute it (the GPL grants you the right, but imposes obligations to reveal your own source code if you do, commercial EULAs simply prohibit it), and (3) make derivative works (the GPL grants you the right but imposes obligations to reveal your own source code if you do, commercial EULA’s simply prohibit it). Any obligations that the copyright owner wants to impose on you in the event he gives you permission to do something you are not otherwise allowed to do should be set forth in the beginning so the licensee makes an informed decision.

    To me, this issue is a little analogous to informed consent in the privacy world. We want to make sure everyone has all the information upfront in order to understand the implications of giving out personal information to third parties. If you understand the implications only AFTER you have given out your personal information, it may be too late. In the same vein, everyone should have all the information upfront in order to understand the implications of using GPL. If they discosver only AFTER that they need to reveal all the derived source code that they thought they could keep secret (because they are distributing the derive code), it may be too late from a business perspective.

    Let me put it this way (as I think we have had a good debate on this and maybe we should leave it and move to other good debates):

    We cannot “deem” or force the GPL to be something it is not by saying it is a license or a contract. The GPL simply *is* either a pure license or a contract that contains some licensing language as all EULAs do (End User LICENSE Agreement). If I call an apple an orange, it is still an apple. Whether the GPL calls itself a license will not govern what it is under the law and a judge will ultimately determine whether it is a license or a contract because it is certainly not black or white. As we both have seen, it is certainly subject to debate.

    If I have developed an open source project and I want to make it subject to the GPL, you better believe that I am going to put it in a clickwrap pop-up window and make sure the licensee clicks “I accept” to the terms of the GPL in order to comply with the law just in case the GPL is deemd to be a contract by a judge. I want to minimize any argument the licensee or the judge could make that the GPL is not enforceable because it was hidden in a README file and therefore did not give the licensee a chance to agree to what he was doing and indeed suggested to the licensee (who is a fool) that it was free because it was freely downloadable. If you keep the GPL hidden in a README file, you simply open up a chance that a judge and a licensee will say that the GPL is not enforceable because the licensee didn’t accept the terms (e.g., no past damages). I want to completely shut out that chance. Use the law to your advantage, don’t allow the fool any arguments.

    My answer to your last paragrph – the distributor wants to promote the open source idea and wants the licensee’s derivative works to be freely accessible if the licensee distributes these works – that is a noble desire. So in return for giving the source code to the licensee, the licensee gives the distributor its agreement that it will disclose its source code to the world. That is the basis for contract – obligations on both sides that need to be agreed to. It doesn’t matter that the GPL states it doesn’t impose obligations on the user – as a matter of fact, I think it does per my earlier posts. I know you said you are not a lawyer, but you have a good analytical mind to be lawyer – perhaps you should consider it?

    This debate has been a pleasure. Thank you.

  8. One more thing on your last point. If the GPL should really be a contract, it does not mean you have lost your right to argue that the license part of the GPL contract has been violated. You do not need to rely on breach of contract – that is just an additional right you have to claim. You can argue that the scope of the license granted in the GPL contract was exceeded and therefore was violative of the copyright owner’s rights. Treating the GPL as a contract that required acceptance does not take away that right to argue copyright infringement (as opposed to breach of contract).

  9. Jesse,

    Try the very useful Wikipedia link for one of the seminal cases:

    http://en.wikipedia.org/wiki/MAI_Systems_Corp._v._Peak_Computer%2C_Inc.

    I agree with your point in the second paragraph about a statement that says “Anyone who has a copy of this software is granted the right to make whatever copies are necessary to use it.” That to me is a pure license. No obligations on the person who has a copy to do anything. No need to click and “I accept” to these terms, probably.

    However, if the statement stated: “Anyone who has a copy of this software is granted the right to make whatever copies are necesssary to use it, provided, that when they make such copies, they also need to reveal to the public the source code to anything else they may be working on,” I start becoming unsure whether or not that is a pure license, or an actual agreement or contract. Now there are obligations imposed on the user that he must agree to in order to make copies (in in the case of the GPL, in order to distribute or make derivative works) – that is a contract to me.

    If you put the first part of the sentence upfront and then put the “provided, that . . . ” clause hidden in a README file, I think that is a little bit unfair because the “provided, that . . .” goes could go unnoticed until it is too late. I just think the GPL terms and conditions should be placed in a conspicuous place, allowing for upfront understanding of the consequences of using the GPL code, including for further downstream use, before someone unknowingly (and maybe ignorantly) spends a lot of money and resources making that GPL an integral part of their software product only to discover after committing all those resources that they should have known about the GPL and its terms and condition. Is that so bad?

  10. Anthony,

    We have that concept here in the US as well – it is called the “first sale doctrine” – if I buy a book, I don’t need a license to “use” it, because I am not making copies – I am simply reading it. I can also resell my book without permission from the copyright owner.

    Copyright jurisprudence in the US regarding software, however, is a bit confused, I think – because you actually need to make copies of software in the computer’s memory simply to “use” it, you are techinically violating the copyright act. As such, Section 117 of the Copyright Act tried to resolve this point by giving the owner of a copy of software the right to make as many copies as needed to run the software without technically violating the copyright owner’s rights. It may all be rubbish, but this is the law in the U.S. as it now stands.

    However, that spurred the great debate about whether buying software is a “sale” such that you own a copy of the software and gain the protections of Section 117 or merely “license” where you may not necessarily be an owner of a copy. I’m not sure the GPL at this point is maintaining that it is an actual sale rather than a license of the downloaded copy of open source software – there would be large consequences to that position, which I haven’t thought about in depth.

  11. Anthony Youngman says

    I forgot … a note for Adam about registering copyrights …

    DVD Jon is Norwegian. I think the LAME guys are German. The requirement to register copyrights only applies to works by Americans in America.

    The Berne convention demands “equal treatment”. If I (as a Brit) abide by UK law with regard to protecting my work over here, I am entitled to protect my work in America AS IF I had complied with American law over there.

    afaik no European country requires registration. So there’s no need for me to register in America, but I get all the benefits as if I did. That’s fair – it merely tells American companies that if they want to use a work that originated in, say, Britain, all they need to do is check British (and American) law. Check whether it is a protected work under British law, and then check whether it is still protected under American law.

    You do need to be careful, because I believe the US has changed the term of copyright to “life + 90” while it’s “life + 70” here. So you get anomalies where I can take the work of an American guy who died 80 years ago and publish it here (because I can’t be sued under British law), but you can’t take the work of an equivalent Brit and publish it in the US because it’s still protected under US law.

    Cheers,
    Wol

  12. Anthony Youngman says

    Kikkoman,

    Under US law you do not need permission to use software. Most other jurisdictions would just assume that if you legally possess something, surely you have the right to use that thing.

    So basically, all this rubbish about “you need to copy the software in order to use it” is just that – rubbish. Here in the UK we have something called “The Sale of Goods Act”, which basically says “if you can’t use something and you told the seller that that is what you intended to do with whatever it was you bought, then it’s the seller’s problem, not yours”. So if I buy software only to discover that I can’t use it, I have the right IN LAW to go back to the seller and demand he put it right. Okay, he’ll probably just give me a refund, but the fact that that doesn’t happen tells me I have a cast iron RIGHT to use the software.

    The thing about the GPL is that it gives you PERMISSION to do something that is otherwise FORBIDDEN. As Jesse says, if you haven’t found and read the licence, you shouldn’t be copying and distributing the software, because that is illegal BY DEFAULT. So the GPL IS a pure licence – it is giving you permission to do something that is otherwise illegal.

    Oh – and for some other people here, it seems pretty certain that XCP DOES infringe on DVD Jon’s software. The software needs an Apple copyright statement to function correctly. To avoid putting such a notice in his program in clear text, Jon rot-13’d it. That rot’d string appears in XCP. Given that Jon’s software is the ONLY known place that string could have come from, the evidence is strong.

    Cheers,
    Wol

  13. Jesse,

    Your responses are good counters to my points. I appreciate the philosophy behind them, but I still stand behind my arguments and am not sure you are completely correct.

    Technically speaking, I believe you need permission from the copyright owner just for the mere “use” of that software. Everytime I buy commercial software, I am subject to a clickwrap agreement that discusses the terms and conditions for the “use”, not for the right to distribute or make derivative works (which are forbidden by law without permission and NOT expressly allowed by the clickwrap agreement). Why do I need to agree to a clickwrap agreement for commercial software for the mere “use” of that software?

    No matter what the GPL says, the mere “use” of software inherently involves “copying”. Thus, you cannot “use” software without express permission from the copyright owner because you make copies of the software in the memory of the computer everytime you run the software (there is the great sale versus license debate regarding software and the protections of Section 117 of the Copyright Act, but that is for a different discussion).

    You are arguing about what the GPL says, but you have actually found it and read it and are knowledgable. Everyone else should have that opportunity to read it before using the GPL software (again, mere use violates the copyright owners exclusive right to make copies). Having a click-wrap agreement agreed to up front would eliminate that need for looking for those terms and conditions. The GPL states that it does not govern “use,” but what it actually may mean by that is that the copyright owner is expressly granting you the right, as a licensee, to make any copies that you need in order to use the software (otherwise you would be violating the copyright owners rights).

    Upfront agreement to the terms and conditions just seems simple and, to me, the “right thing to do” and I believe it would eliminate lots of after the fact issues. I don’t see the “dangers” of upfront agreement that you allege – I do see the dangers that are happening now for companies that are unfortunately behind the curve on their open source knowledge and inadvertantly use such GPL software without understanding the consequences of subsequent distribution in their own commercial product because they incorrectly believe open source is “free” software in all respects (i.e, the copyright owner has disclaimed all rights in the software – why else, would it be freely downloadable in source code format?).

    Happy Thanksgiving.

  14. Jesse Weinstein says

    Kikkoman-

    Thanks for expanding on what you meant about the obligations of the GPL. While it seems a good and nice thing to make it as clear to people as possible what obligations they may be bound to, pretending that the GPL must be afferatively agreed to has a lot of dangers that make it not worth it.

    If, as it is now, the GPL is simply a license (i.e. something which grants the licensee further abilities e did not have before), anyone merely *using*(or downloading) the software has no need, and should not need, to read or know about the GPL. Only if the person wants to do what is normally forbidden by copyright law(make copies, make derivative works, distribute either, etc.) should they take the effort to look for, and find, a license, something that grants them the ability to do these things. If, at that point, the license requires certain other things of them, they should have read it in order to realize they could do the otherwise forbidden things anyway, so there’s nothing hidden. The point is that only people who assume they can do things normally forbidden by copyright law *without bothering to find or read any license or statement allowing them to do this* would have any obligations put on them without their knowledge.

    It is wrong to make the GPL a click-wrap license to use the software, as it has no effect(either way) on that use. And it is not needed to pop-up when someone distributes the software, as they should not be distributing it in any case unless they have already found and read the GPL that allows them to do so.

    No obligations are made except in response to privilages only granted by the same document(the GPL) that states the obligations.

    The GPL is *not* a set of “terms and conditions” – it is a set of privilages(to do what would otherwise be forbidden by copyright law) which include some obligations if those privilages are taken advantage of.

  15. If I had written any of the code that Sony BMG is distributing in violation of the license terms, I would be happy to settle out of court. All I would insist on is a simple statement to be placed on every CD and jewel box from them explaining their violations of other people’s copyrights. Obviously, they would not be allowed any input into the wording. Somehow, I think they would rather lose in court than agree to that.

  16. Jesse,

    I like your point regarding focusing on damages with respect to Sony. I haven’t thought about that angle, but other posters have and perhaps an argument can be made that the severity of damages may have to do with Sony’s obligations under the GPL – i.e., were they only obligated to disclose the original open source code only (damages seem minimal here since the entire world can go elsewhere – the original web site – and download the exact same original open source code) or were they obligated to disclose their own proprietary source code due to integrated compilation and modification of the original source code (damages may be larger, because this is precisely the type of sharing that open source was intended to encourage). My only point was that the consequences of compliance can be quite different (i.e., easy or hard to comply) for a business depending on how they use the open source.

    Regarding “GPL as a contract,” it is not the mere act of downloading that I was focused on. All the provisions in the GPL that a downloader would read and might say “Well, that certainly is something that I would prefer NOT to do” are what I would call the “obligations” in the GPL license agreement. Foremost are the obligations to disclose your own modifications as well as anything other source code that would be considered a “derivative work” of the original GPL source code if you distribute those modifications and or the derivative works.

    The GPL notes that if you do not agree to the terms of the GPL, then don’t use it. I completely agree. My only point is “Give downloaders a chance to know what those terms are and agree to those terms or not agree to those terms BEFORE they use it” But if you need the downloader to “agree” to the terms, then, in my mind, you are dangerously close to coming to an “agreement” or a “contract” and not a “pure license.” It seems a lot of cases where open source is found in software arises because somebody who doesn’t understand that open source software is not free has inadvertantly downloaded it and used it. Only AFTER THE FACT is this discovered (because the GPL did not come up as a clickwrap with an “I accept” button BEFORE THE FACT but was rather hidden in a README file where no one bothered to look) and at that time, the consequences are already difficult to deal with because important dependencies are already placed on the embedded GPL code (without the proper understanding of the obligations of using the GPL code). This is my point with the contract versus license debate – interpreting the GPL as a contract forces a clickwrap regime in order to make the GPL enforceable under the law. This would help minimize (perhaps not eliminate) the inadvertant AFTER THE FACT mess that always seems to happen.

    I think open source code is great and the fact that many people download and use it evidences the fact that the functionalities provided by open source code are not easy to implement. I just have an issue with the presentation of the terms and condition in a possibly hidden manner and an argument that it is a “license” such that it does not have to come up as a clickwrap agreement to be enforceable.

  17. Jesse Weinstein says

    Kikkoman-

    (IANAL) As I understand it, Sony is violating the GPL and LGPL by distributing executables which are derivative works of LAME, id3lib, mpglib, mpg123, FAAC, and maybe DRMS in a manner which is not permitted by the license they have to do so. They, like anyone else with a copy of (L)GPL’ed code, have a license – but that license requires certain things, and Sony is not doing them, therefore they are violating copyright. The evidence says that the (L)GPL’ed code is present in the executable, therefore, it is a “work based on the Program”, and so, Sony must do one of the following three things(none of which they are doing):
    Quoting from the text of the GPL:

    3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

    Part (c) does not apply, as Sony’s distribution is not noncommercial, so they must do (a) or (b); they clearly do not do either. That’s why they are violating the (L)GPL. Any more questions?

  18. Tommy Knowlton says

    In response to http://www.freedom-to-tinker.com/?p=933#comment-6378

    Wow. I just went back and re-read commentary surrounding Bobbs-Merrill Co. v. Straus, and found to my surprise that the issue there was the blanked license and NOT a private contract, as I had mistakenly recalled. I think I had misread that case and others in US copyright to mean – in my words – that copyright owners can’t use license or contract to gain additional exclusive rights in the work than those enumerated in the copyright act.

  19. Electronic Frontier Foundation to File Lawsuit
    http://www.eff.org/IP/DRM/Sony-BMG/#docs

    Also see update published in the Washington Post.
    http://blogs.washingtonpost.com/securityfix/2005/11/texas_attorney_.html

  20. Tommy and Adam

    I have always found the license versus contract debate a very interesting one. The FSF has always wanted to maintain that the GPL is a pure license and not a contract. I think that argument (whether consciously or not) enables them to maintain the position that the GPL can be put (almost hidden) in a README file embedded in a distribution rather than as a “pop-up” clickwrap agreement which is enforceable when there is clear assent (i.e., pushing the “I agree” to the terms). The law seems settled that clickwrap CONTRACTS are only enforeable when there is clear assent, such as clicking on an “I Agree” button. If the GPL is not a contract, but purely a license, then this whole line of clickwrap cases does not apply and the GPL can be put inconspicuously into a small file in the distribution. The fact that there are actual obligations imposed on licensee/downloader of the GPL makes it seem to be more a contract than a pure license.

    If the GPL appears as a clickwrap agreement where you need to press “I Agree”, these “mistaken” use cases where a company (with lax open source policies) only discovers after the fact that an engineer has used open source code might decrease.

  21. Jesse,

    Thank you very much. My question is more a practical one – did Sony use the GPL code in a way that would make it hard for them to correct their violation of the license? For example, if they are only obligated to distribute the original GPL source code and not their own proprietary code, then I don’t think there is much of an issue other than distributing the GPL source code as they had already downloaded themselves (i.e., correction of their violation is easy). However, if they truly did compile it with their own proprietary source code or have modified it significantly and are therefore obligated under the GPL code to distribute their own proprietary source code or modifications that have some trade secret value, then it sounds as if they have a larger issue if they are not willing to do so (i.e., correction of their violation is hard).

    When the news articles note that the open source code is “found in the executables” does that necessarily mean the open source code was combined and compiled with and into Sony’s own proprietary code? Or could that possibly mean that there are separate exectuable files, one of which is a standalone compilation of the GPL code, and therefore might not “infect” Sony’s own proprietary code?

  22. Tommy Knowlton says

    At http://www.freedom-to-tinker.com/?p=933#comment-6355 Ed said:

    I don’t see how this can turn into a test of the validity of the GPL or LGPL. If Sony is accused of infringement, the existence of a valid licence is a defense for Sony. If they copied the code and they don’t have a valid license (or another defense such as fair use), they lose. If anything, Sony would be arguing that the GPL/LGPL is valid.

    If the facts you’ve presented in the blog aren’t refuted, and the terms of the GPL are enforceable (i.e., the GPL is a “valid” license of rights under copyright), then Sony has apparently violated its terms; the rights holders should be entitled to relief. I think Sony loses either way, because I can’t foresee an argument against the enforceability of the GPL that wouldn’t also apply to the enforceability of their own software licenses.

  23. Tommy Knowlton says

    At http://www.freedom-to-tinker.com/?p=933#comment-6366 Kevin said:

    In my more cynical moments, I think that the first GPL-related lawsuit with teeth will lead to a court finding that the original author of the GPL-licensed software intended to dedicate it to the public domain. Or rather, that even though it’s not “public domain,” everyone has a right to appropriate it without troubling to comply with the license.

    IMO, if the courts reject the GPL’s terms as unenforceable, the GPL will still have served an important purpose, because if the GPL is unenforceable in its rather reasonable terms, then scores of shrink-wrap software licenses with far more draconian license terms will be equally unenforceable. I shudder to think that the courts would be willing to eviscerate the rights of the tens of thousands of FOSS contributors, while upholding the usurped rights of the shrink-wrap vendors.

  24. I just re-read my comment above. I meant to write “It does *not* matter what their intent was.” That paragraph should make more sense now.

  25. According to the Wahington Post, the Texas Attorney General is suing Sony.
    http://blogs.washingtonpost.com/securityfix/2005/11/texas_attorney_.html

    As these lawsuits materialize, one would hope that the prosecuting attorneys would visit the websites as part of the discovery process.

    California Class action lawsuit, Nov. 8, 2005
    http://blogs.washingtonpost.com/securityfix/2005/11/calif_ny_lawsui.html

    New York Class action lawsuit, Nov. 14, 2005
    http://blogs.washingtonpost.com/securityfix/2005/11/sony_faces_anot.html

    The “unfortunate” news about class action lawsuits is that they seek the recovery of damages, so I doubt that they would result in a change in the law or in a company actually giving up its bad business practices.

  26. Can someone elaborate on how Sony is violating the GPL and LGPL? Are they actually compiling the open source with their own proprietary code? Or are they merely including the GPL or LGPL code standalone in their distribution, have they modified the GPL or LGPL code in some way. I know there is debate on dynamic/static linking, etc, what is a “derivative work” under copyright law, etc. and how that pertains to the GPL, but it seems to me the first question is how from a technical perspective Sony is using the GPL and LGPL code.

  27. One thing is clear-

    first4Internet, having embarrassed a marquee client, been caught red-handed stealing code (and having induced liability for their clients), having introduced security holes into a potentially large number of systems, and having created such an enormous mess that even COMIC STRIPS are openly mocking them- well, first4internet is likely to shut down.

    And I strongly urge that if you are a hiring manager, and you see “first4internet” on a coder’s resume, you bring the lamer into the office just so the rest of your staff can watch while you flush his resume in front of him / her.

  28. I am a lawyer, so I won’t include the standard IANAL disclaimer here.

    Barry: I think it is unlikely that a court would order disclosure of source code where a company had combined proprietary code with code licensed under the GPL. There is a lot of discussion as whether the GPL is a contract or a license, and as to whether or not it even matters. But if it is a contract: (1) specific enforcement (injunctive relief) is generally disfavored for breach of contract, (2) there is nothing in the GPL “as a contract” that provides for injunctive relief, and (3) it’s not even clear to me that the GPL intends such a result. If it is a license, breach (or revocation) of that license means that the licensee loses its rights to the code. In that case, the proper remedy would be that the licensee can no longer distribute the code, not that it has to publish the rest of the code.

    Many copyright owners who have licensed works under the GPL might agree to *settle* if the infringer releases its proprietary code under the GPL as well, but that doesn’t mean that a Court would order it to do so. E.g., in the case of the Sitecom GPL violation in Germany, my impression is that Sitecom agreed to release all of the code in its router because it would have been impractical to stop selling its products. Although I don’t speak German and haven’t read the injunctive order, I believe the court ordered Sitecom to stop distributing its products until it complied with the terms of the GPL. So it did have the option of just ceasing use of the code covered by the GPL, but instead chose to comply with the license.

    It is likely that an United States court would act similarly.

    Kevin: I think the result you predict is unlikely. Consider a different case: it is well established that content posted to websites is protected by copyright, regardless of the presence or absence of a license and/or copyright notice. If content that has no guidelines for its use at all is protected by copyright, why shouldn’t content that has very specific conditions attached to its use? In other words, if no statement about how you can use content means you get the full protection of copyright law, why should some some statement that grants some conditional permission to use the copyrighted work be subject to less protection (or, in your hypothetical, no protection)?

    The fact that the matter might be decided on summary judgment does not mean the plaintiff would not be given the opportunity to “argue the issue in open court.” It just means the matter would be decided by a judge, and not a jury. The parties would still make their arguments and, in fact, have an opportunity for a hearing. The matter should only go to a jury if there are disputed issues of fact.

    Copyright infringers are subject to strict liability–it does matter what their intent was. So in the case at hand, what factual issues would you want a jury to decide?

    Finally, the whole point of statutory damages is that you don’t have to prove actual damages. There is some discretion within a *range* of statutory damages, but a defender couldn’t argue that statutory damages shouldn’t be awarded because they would be “disproportionate.” Statutory damages almost always exceed “actual damages” by several factors, but this doesn’t stop them from being awarded. (In fact, if your actual damages were higher than the statutory damages, you would just seek those instead).

  29. In my more cynical moments, I think that the first GPL-related lawsuit with teeth will lead to a court finding that the original author of the GPL-licensed software intended to dedicate it to the public domain. Or rather, that even though it’s not “public domain,” everyone has a right to appropriate it without troubling to comply with the license. After all, there are no actual damages – the original author gives the software away for free. The argument will be advanced that statutory damages are disproportionate, that there are no indirect, special nor consequential damanges, and therefore a correct amount of damages is zero.

    I’d also predict that the decision happens on summary judgment, without a GPL plaintiff being given the opportunity to argue the issue in open court.

  30. I hope SONY gets sued. It would be nice if FOX NEWS would run a report on this!

  31. Ed,

    The case would IMO involve two things: one, is Sony-BMG/F4I automatically bound to comply with the GPL by distributing executable code that was compiled from partially GPLed source? If not, then I agree with you that the case is purely a copyright infringement case that doesn’t involve the GPL. But if so, then two, can injunctive relief pertaining to violation of the GPL as a contract include forcing Sony or F4I to release the source code of the executables released in violation of the GPL?

    If that’s true, then the GPL becomes a very powerful legal tool for advancing the OSS movement. Who knows how much non-OSS has included GPLed code? Individuals could sue for injunctive relief to “liberate” possibly large amounts of code, and claim damages to essentially make the GPL violators foot the bill. Sony and any other company that has illegally used GPLed code would do everything they can to prevent this from happening, and the easiest thing in this case would be to settle out of court for purely monetary damages.

    (Insert standard IANAL disclaimer here. Feel free to correct me if/where I’m wrong.)

  32. Sony XCP DRM and copyright

    More thoughts on Freedom to Tinker  about whether Sony’s XCP DRM infringes copyright.
    How strong is the evidence of infringement? For some of the allegedly copied programs, the evidence is very strong indeed. Consider this string of charac…

  33. In all likelihood, the developers did not obtain copyright registrations for the code prior to the infringement, thus barring the possibility of statutory damages. They could still seek injunctive relief and actual damages, but now that Sony has recalled the CDs the former is not much of a club. Actual damages would be hard to establish, given that money is not usually exchanged when this code is licensed. It would certainly be embarrassing for Sony, and I agree that they would settle quickly rather than fight it out in this case.

  34. Ed,
    I’m not quite sure what you’re saying, but for the record, the GPL/LGPL specifically forbid what they did. So I kind of doubt they’d be arguing in favor of licenses that they violated 🙂

  35. Barry,

    I don’t see how this can turn into a test of the validity of the GPL or LGPL. If Sony is accused of infringement, the existence of a valid licence is a defense for Sony. If they copied the code and they don’t have a valid license (or another defense such as fair use), they lose. If anything, Sony would be arguing that the GPL/LGPL is valid.

  36. This story is potentially the most important angle of the whole Sony DRM fiasco. It definitely qualifies as news. But unfortunately, it won’t qualify as News until Sony and F4I get sued for their copyright violations. This is because there currently isn’t an apparent threat to Sony, as it’s unclear whether anyone will actually have the resources to file and win a lawsuit/settlement.

    If this does go to court, though, it’s a huge story for another reason: it would be a long-awaited legal test of copyleft and the GPL. I wouldn’t be surprised if Sony tried to settle just to prevent the GPL from being tested in court.

  37. This is an important case to bring up to US lawmakers, as they consider draconian laws to publish copyright infringers. These laws are a very bad idea, primarily because:
    (1) It’s hard to decide, legally, who is an infringer, so that big punishments will be arbitrary and will not generally prevent people from “committing the crime”. Sony’s behavior is a good example of this.
    (2) It has not been shown that most producers of content actually suffer damages from illegal copies, overall.

    I wish lawmakers had the knowledge and the guts to say to these large media companies: FIRST, you show respect for people’s genuine rights under copyright law. Then SECOND, come to us and ask us for some necessary protection.
    – tobias robison