This essay was originally published in LinuxUser.
September 10, 2001
Last month I described in general terms the legal theory of the GPL. This month, I'd like to explain how, contrary to the fear, uncertainty and doubt sown by Microsoft, the license is actually enforced.
Much murmuring has been going on in recent months to the supposed effect that the absence of judicial enforcement, in US or other courts, somehow demonstrates that there is something wrong with the GPL, that its unusual policy goal is implemented in a technically indefensible way, or that the Free Software Foundation, which authors the license, is afraid of testing it in court. Precisely the reverse is true. We do not find ourselves taking the GPL to court because no one has yet been willing to risk contesting it with us there.
So what happens when the GPL is violated? With software for which the Free Software Foundation holds the copyright (either because we wrote the programs in the first place, or because free software authors have assigned us the copyright, in order to take advantage of our expertise in protecting their software's freedom), the first step is a report, usually received by email to email@example.com. We ask the reporters of violations to help us establish necessary facts, and then we conduct whatever further investigation is required.
We reach this stage dozens of times a year. A quiet initial contact is usually sufficient to resolve the problem. Parties thought they were complying with GPL, and are pleased to follow advice on the correction of an error. Sometimes, however, we believe that confidence-building measures will be required, because the scale of the violation or its persistence in time makes mere voluntary compliance insufficient. In such situations we work with organizations to establish GPL-compliance programs within their enterprises, led by senior managers who report to us, and directly to their enterprises' managing boards, regularly. In particularly complex cases, we have sometimes insisted upon measures that would make subsequent judicial enforcement simple and rapid in the event of future violation.
In approximately a decade of enforcing the GPL, I have never insisted on payment of damages to the Foundation for violation of the license, and I have rarely required public admission of wrongdoing. Our position has always been that compliance with the license, and security for future good behavior, are the most important goals. We have done everything to make it easy for violators to comply, and we have offered oblivion with respect to past faults.
In the early years of the free software movement, this was probably the only strategy available. Expensive and burdensome litigation might have destroyed the FSF, or at least prevented it from doing what we knew was necessary to make the free software movement the permanent force in reshaping the software industry that it has now become. Over time, however, we persisted in our approach to license enforcement not because we had to, but because it worked. An entire industry grew up around free software, all of whose participants understood the overwhelming importance of the GPL--no one wanted to be seen as the villain who stole free software, and no one wanted to be the customer, business partner, or even employee of such a bad actor. Faced with a choice between compliance without publicity or a campaign of bad publicity and a litigation battle they could not win, violators chose not to play it the hard way.
We have even, once or twice, faced enterprises which, under US copyright law, were engaged in deliberate, criminal copyright infringement: taking the source code of GPL'd software, recompiling it with an attempt to conceal its origin, and offering it for sale as a proprietary product. I have assisted free software developers other than the FSF to deal with such problems, which we have resolved--since the criminal infringer would not voluntarily desist and, in the cases I have in mind, legal technicalities prevented actual criminal prosecution of the violators--by talking to redistributors and potential customers. ``Why would you want to pay serious money,'' we have asked, ``for software that infringes our license and will bog you down in complex legal problems, when you can have the real thing for free?'' Customers have never failed to see the pertinence of the question. The stealing of free software is one place where, indeed, crime doesn't pay.
But perhaps we have succeeded too well. If I had used the courts to enforce the GPL years ago, Microsoft's whispering would now be falling on deaf ears. Just this month I have been working on a couple of moderately sticky situations. ``Look,'' I say, ``at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?''
Someday someone will. But that someone's customers are going to go
elsewhere, talented technologists who don't want their own reputations
associated with such an enterprise will quit, and bad publicity will smother
them. And that's all before we even walk into court. The first person who
tries it will certainly wish he hadn't. Our way of doing law has been as
unusual as our way of doing software, but that's just the point. Free
software matters because it turns out that the different way is the right way
* Eben Moglen is professor of law and legal history at Columbia University Law School. He serves without fee as General Counsel of the Free Software Foundation. You can read more of his writing at moglen.law.columbia.edu.