Cisco Systems is a gold member of the Linux Foundation, the non-profit association "dedicated to fostering the growth of Linux." Yet according to a lawsuit for copyright violation filed last week by the Software Freedom Law Center on behalf of the Free Software Foundation (FSF), Cisco has repeatedly infringed on the copyright of core GNU/Linux utilities over the last five years.
Specifically, the complaint alleges that Cisco has shipped hardware products with such programs as GCC and Binutils without making their source code available to customers, as required by the GNU General Public License -- a claim that, if true, makes Cisco's membership in the Linux Foundation seem hypocritical.
As is often the course of action for defendants in legal cases, Cisco has only given a formal reply to the suit in public. In a response posted on the blog of Joe Brockmeier, the openSUSE community manager, Cisco stated that it "is a strong supporter of open source software" and believes it is "substantially in compliance" with the issues raised in the suit.
Brett Smith, the FSF compliance engineer, whose work centers on investigating and correcting GPL violations, did reply, but was cautious about talking about the specifics of the case. For the most part, he would only talk in general terms about similar compliance issues in the past, or flesh out details included in the suit. However, those details are worth hearing, because they give a clearer view of the issues and circumstances involved -- at least from the FSF's perspective.
According to the FSF, the problem is not Cisco's efforts to come into compliance in individual circumstances, but Cisco's reluctance to discuss reparations that would restore the company's right to redistribute FSF-copyrighted software.
The history of the case
According to Smith's blog entry on the subject, the FSF has been discussing GPL compliance issues with Cisco since 2003, after it was informed by users that the Linksys WRT54G router used what Smith describes as "a pretty complete free software stack."
However, the particular issue in the complaint dates from 12 May, 2006, and concerns several other pieces of Linksys hardware. In the short, numbered paragraphs typical of legal documents, the complaint claims that, for the next two years, Cisco acknowledged license violations, but that new violations kept coming to light.
According to the complaint, Cisco superficially appeared to be in compliance, labeling products as containing GPL-licensed code and offering source code on its web site as demanded by the license. However, on closer inspection, the FSF alleges that it repeatedly found that the code offered was incomplete, and found evidence that requests for the code by customers were going unfulfilled.
The exact number is not specified by either the complaint or by Smith, but Smith estimates that 20-30 Linksys products were identified by the FSF as being in violation. Since most of these products ship with more than one FSF-copyrighted piece of software, it seems likely that at least some are involved in multiple alleged violations, although Smith did not specify that.
Finally, on 25 March, 2008, the FSF sent a list of conditions that it wanted Cisco to fulfill in order to regain its right to distribute software on which the FSF held copyright (other software licensed under the GPL by other parties is not part of the case). These conditions were: full GPL compliance on all Cisco products that shipped FSF software; the appointment of a compliance engineer to prevent system problems in the future; good faith efforts to notify past customers that they could have the source code for FSF software, and compensation for past violations.
For the next three months, Cisco and the FSF discussed these demands, allegedly with Cisco pleading that it had resolved "most" of the compliance issues, according to the complaint. Finally, the FSF concluded, in the words of the complaint, that "Unfortunately, those discussions have now proven unfruitful and the parties are at an impasse." As a result, the FSF is asking costs, damages, and an order "to impound all infringing materials," on the grounds that, based on Cisco's actions, it cannot be counted on for compliance in the future.
The Compliance Process -- It's Not What You Think
To an outsider, the Cisco case may sound like a major step. And, from a legal perspective, it is. However, Smith makes clear that the background of the case is different only in the specifics from the others that he handles on a daily basis. Like most other cases, Cisco's began with a report from users that the FSF investigated, and included efforts to help the offending company come into compliance. And, contrary to what you might first expect, the FSF's goal in compliance cases is not adversarial or confrontational.
"Our goal is to be as friendly as possible," Smith says, "To let [offending companies] know that, yes, the software is under the GPL, and this is what you have to do to comply with the license. But, so long as they do that, we're not out for money, or to make an example of anyone. License compliance is always our top priority."