Cisco Systems is a gold member of the Linux Foundation, the non-profit association "dedicated to fostering the growth of Linux." Yet according to a lawsuit for copyright violation filed last week by the Software Freedom Law Center on behalf of the Free Software Foundation (FSF), Cisco has repeatedly infringed on the copyright of core GNU/Linux utilities over the last five years.
Specifically, the complaint alleges that Cisco has shipped hardware products with such programs as GCC and Binutils without making their source code available to customers, as required by the GNU General Public License -- a claim that, if true, makes Cisco's membership in the Linux Foundation seem hypocritical.
As is often the course of action for defendants in legal cases, Cisco has only given a formal reply to the suit in public. In a response posted on the blog of Joe Brockmeier, the openSUSE community manager, Cisco stated that it "is a strong supporter of open source software" and believes it is "substantially in compliance" with the issues raised in the suit.
Brett Smith, the FSF compliance engineer, whose work centers on investigating and correcting GPL violations, did reply, but was cautious about talking about the specifics of the case. For the most part, he would only talk in general terms about similar compliance issues in the past, or flesh out details included in the suit. However, those details are worth hearing, because they give a clearer view of the issues and circumstances involved -- at least from the FSF's perspective.
According to the FSF, the problem is not Cisco's efforts to come into compliance in individual circumstances, but Cisco's reluctance to discuss reparations that would restore the company's right to redistribute FSF-copyrighted software.
The history of the case
According to Smith's blog entry on the subject, the FSF has been discussing GPL compliance issues with Cisco since 2003, after it was informed by users that the Linksys WRT54G router used what Smith describes as "a pretty complete free software stack."
However, the particular issue in the complaint dates from 12 May, 2006, and concerns several other pieces of Linksys hardware. In the short, numbered paragraphs typical of legal documents, the complaint claims that, for the next two years, Cisco acknowledged license violations, but that new violations kept coming to light.
According to the complaint, Cisco superficially appeared to be in compliance, labeling products as containing GPL-licensed code and offering source code on its web site as demanded by the license. However, on closer inspection, the FSF alleges that it repeatedly found that the code offered was incomplete, and found evidence that requests for the code by customers were going unfulfilled.
The exact number is not specified by either the complaint or by Smith, but Smith estimates that 20-30 Linksys products were identified by the FSF as being in violation. Since most of these products ship with more than one FSF-copyrighted piece of software, it seems likely that at least some are involved in multiple alleged violations, although Smith did not specify that.
Finally, on 25 March, 2008, the FSF sent a list of conditions that it wanted Cisco to fulfill in order to regain its right to distribute software on which the FSF held copyright (other software licensed under the GPL by other parties is not part of the case). These conditions were: full GPL compliance on all Cisco products that shipped FSF software; the appointment of a compliance engineer to prevent system problems in the future; good faith efforts to notify past customers that they could have the source code for FSF software, and compensation for past violations.
For the next three months, Cisco and the FSF discussed these demands, allegedly with Cisco pleading that it had resolved "most" of the compliance issues, according to the complaint. Finally, the FSF concluded, in the words of the complaint, that "Unfortunately, those discussions have now proven unfruitful and the parties are at an impasse." As a result, the FSF is asking costs, damages, and an order "to impound all infringing materials," on the grounds that, based on Cisco's actions, it cannot be counted on for compliance in the future.
The Compliance Process -- It's Not What You Think
To an outsider, the Cisco case may sound like a major step. And, from a legal perspective, it is. However, Smith makes clear that the background of the case is different only in the specifics from the others that he handles on a daily basis. Like most other cases, Cisco's began with a report from users that the FSF investigated, and included efforts to help the offending company come into compliance. And, contrary to what you might first expect, the FSF's goal in compliance cases is not adversarial or confrontational.
"Our goal is to be as friendly as possible," Smith says, "To let [offending companies] know that, yes, the software is under the GPL, and this is what you have to do to comply with the license. But, so long as they do that, we're not out for money, or to make an example of anyone. License compliance is always our top priority."
Smith continues, "Sometimes, some companies, as soon as you say the words 'license violations,' lawyer up, and you have to start talking to the lawyers. But even lawyers will usually calm down when you explain that you're not in it for the money, and you're not looking for trouble -- that you just want compliance. Because they realize that, if that's really true, then it's going to be much cheaper for them in the long run to comply rather than fight you every step of the way."
In Cisco's case, the only unusual aspect seems to be that, to judge from the fact that Cisco has been working on compliance with the FSF, the company has apparently acknowledged at least some GPL violations. And yet it seemingly has been slow to correct violations, and reluctant to discuss measures to prevent future problems.
"Were Cisco quicker to respond, we would have made a lot better progress, and we'd probably be done by now," Smith says. "The real issue that has pushed us to file suit is that we had got to the point where we really needed to start talking to Cisco about the past and the future -- in particular, what they were going to do to try to mitigate the damage done by previous violations, and what they were going to do to make sure that violations didn't happen in the future. But, despite several meetings and phone calls, they really seemed uninterested in having a conversation about these things. So far as they were concerned, they had fixed all the issues, or at least most of them, and they felt they were done with the process. But that's not really sufficient. Over the last five years, there's been so many violations coming from Cisco that it's clear that something is fundamentally wrong with the company that compliance isn't being given the attention it deserves."
Asked if the case meant that the usual process for compliance had failed, Smith replied, "That's absolutely right. This is our first suit for GPL compliance, and it's not a decision we entered into lightly. It took months of deliberation. We did it because we feel it's the best way to obtain GPL compliance in this particular case."
Possibly, a successful case against Cisco might have strategic value for the FSF by discouraging other large companies to comply with the GPL. However, Smith denies that such considerations went into the suit.
"At best, that's a nice side effect," he says. "Yeah, it would make my job easier if that happened, but that didn't factor into our decision-making process. Our decision-making process was focused on this particular case. We felt we were looking at two feasible ways we could go. One is that we could keep telling Cisco about reports we had received and working with them to address them for an indeterminate amount of time -- quite possibly as long as Cisco was in the business. On the other hand, we could file suit to get this problem meaningfully addressed at the company."
Smith does admit to having worried about how the case might be received in the free and open source software communities. "We were concerned for a while because Cisco does comply with some of its obligations under the GPL," he says. "So, at first glance, it might look like they're complying, and we were concerned that people in the community might be confused about what the issue was. But people have been quick to understand."
Possibly, the reason for the understanding is that the FSF's allegations are easy to investigate by anyone who is interested, simply by seeing what source code is available on the Cisco site or by making a formal request as a customer for it and seeing what happens. Or perhaps the community's distrust of large companies predisposes many to favor the FSF against any large corporation. Either way, should Cisco take the case to court and win, it might still lose in the court of public opinion -- including, perhaps, among its peers at the Linux Foundation, assuming that membership in the foundation carries any implication of dedication to free software methods and ideals.
However, despite the community support and the reasons that may be behind it, Smith wants to make it clear that the case does not signal a change in the way that the FSF seeks compliance with its licenses.
"We're not looking at filing more suits. It's a strain on FSF resources, and it's time and money that could be better spent advocating for free software in other ways. But, ultimately, we have to make sure that the license is protected. And in this particular case, filing suit unfortunately, seems the best to do that."