Defender of your Digital Freedom

Home > Open Source > The What, Why and How of the GPL

The What, Why and How of the GPL

Nov 20,2018 | 09:59 am

In this article Mishi Choudhary discusses Free and Open Source Software (FOSS) and its importance

Much of the world’s most important, commercially significant software is distributed under copyright licensing terms that give recipients freedom to copy, modify and redistribute the software known as Free and Open Source Software or FOSS. One could not send or receive e-mail, surf the World Wide Web, perform a Google search or take advantage of many of the other benefits offered by the Internet without free software. Businesses, however, must learn efficient ways to manage open source software without fear of legal risks.

The ‘copyleft’ licences of the Free Software Foundation are concerned with protecting the freedoms of programmers, but, more importantly, these licences protect the freedom of all users. The goal of the copyleft licences is to ensure that all users of a program, or any work based on the program, have four fundamental freedoms:

The freedom to run the program for any purpose, without any additional permission
The freedom to read, study, understand and use any know-how or techniques taught or contained by the source code of the program
The freedom to modify, adapt, improve, or reuse any or all of the program code
The freedom to share with anyone, or no one, both modified and unmodified versions of the program

The easiest way to understand licence terms is to begin with why, rather than what. The GNU licences include the GPLv2 (under which the Linux kernel is distributed), GPLv3 (which is now the licence for all GNU projects), LGPLv2 and LGPLv3 for different libraries, and AGPLv3 for Software as a Service. These licences have been written by teams comprising leading developers and their lawyers, so that they can be used by all developers without any need for aid or assistance from lawyers. The purpose is to assure the four freedoms to all their users, and all users of modified versions or new programs containing portions of their programs. The essence of these freedoms is the prevention of proprietary enhancements to copylefted programs.

Copyright and copyleft

The primary legal regime that applies to software is copyright law. Copyleft, which uses functional parts of copyright law to achieve an unusual result (legal protection for free sharing) forms the core legal principle of these licences. It modifies, or ‘hacks’ copyright law, which is usually employed to strengthen the rights of authors or publishers, to instead strengthen the rights of users. Any work that is based on a copylefted program must also be licensed under the same copyleft licence. This is sometimes referred to as the ‘hereditary effect’ of copyleft or the ‘share and share alike’ principle.

With a lot of software now available under FOSS licensing terms, questions are often raised about compliance obligations, dual-licensing structures and enforcement strategies, especially now when monetisation by some copyright holders has happened at an unprecedented scale. Most organisations assume that their only choice is to buy expensive code scanning software that scans their own code and issues a Protex report concerning a product, which often doesn’t flag problems that result in litigation.

It is not advisable to rely blindly on code scanners as they work too late in the process to improve your governance and too early in the process to catch problems in your delivery and post-sale provisioning. Code scanners do the less important parts of the job, expensively, and do not do the more important parts of the job at all. Use them where they are cost-effective, as a supplement to your own governance and verification processes, but not as a primary tool for risk management.

There are more efficient ways to manage open source software without fear of legal risks. It is better to get on early in the process than pay to defend yourself against legal action. The key to compliance is governance. Software governance means the processes by which businesses document and control what software they take in, what software they distribute, and what licence terms they incur or offer on those inbound and outbound transactions. Whether the business is selling physical products with software embedded, or software products and services, good software governance is the key to minimum-cost preparation when it comes to meeting compliance obligations.

Open source is no longer a choice but a necessary raw material as you build your company; so hire knowledgeable team members to build efficient, compliant systems at the very onset, because you need to use your resources efficiently.

In my experience of working with commercial parties building GPL compliance programs—as well as in my role as a lawyer representing GPL licensors coping with the consequences of compliance failures—I have observed that there is a significant mismatch between the assumptions businesses make about compliance and the realities of what goes wrong, what causes disputes, and how those disputes are resolved. Often, companies incur great expenses in preparing to avoid unlikely risks that have low historical incidence of occurrence and low cost of remediation, while leaving unmanaged the risks that have historically resulted in all the litigation and other adverse outcomes.

Businesses must, therefore, prepare to meet their compliance obligations with minimal effort and at minimal cost, dealing preventively with the compliance risks they really face.

Telcos may cash in on loopholes in Trai regulation, warn experts

Prasanth Sugathan was quoted in the article.

No Patents for Standalone Software

In context of the latest guidelines of the Office of the Controller General of Patents, Designs & Trade Marks (CGPDTM) ...

Patents Office rolls back guidelines allowing patenting for software, hailed as victory for startups

Prasanth Sugathan was quoted in the article as saying, "The legislature by limiting the scope of patentable subject matter in ...

This new website will solve all your online privacy issues

SFLC.in’s new initiative, Privacy Bytes, a new website that contains resources on online privacy-related issues, matters and cases in India ...

Introduction of virtual Aadhaar case of too little, too late: Experts

In context of the launch of virtual Aadhaar, Mishi Choudhary was quoted as saying, “What Aadhaar needs is an overhaul ...

The number of Internet shutdowns in India is startling: SFLC

The Economic Times published an interview with Mishi Choudhary about the launch of portal internetshutdowns.in. Neha discussed various topics in ...

Telcos are allegedly deactivating mobile numbers which are not linked to Aadhaar

In an article discussing several instances of mobile network companies forcing people to link Aadhaar and deactivating their services in ...

Aadhaar hearings: Mandatory linking of Aadhaar with bank accounts violates the ‘Right to Equality’, argue petitioners

Our tweets from the Aadhaar hearings were used to write a news article on the hearing.

Privacy: Why it is important for users to protect their own data

Mishi Choudhary was quoted in an article that shed light on the importance of protecting one’s data.

SFLC expresses dismay at SC’s decision to exempt Section 7 from Aadhaar-linking deadline extension

Our statement on the Supreme Court decision to not exempt Section 7 of the Aadhaar Act from its interim order ...