Blog

Copyleft Licensing: Applying GPLv3 Termination to GPLv2-licensed Works

By Eben Moglen | November 27, 2017

Today a coalition of major companies—led by Red Hat and including Google, IBM and Facebook—who create, modify and distribute FOSS under copyleft licenses have committed to the use of GPLv3’s approach to license termination for all their works published under the terms of GPLv2 and LGPLv2.1. Following last month’s statement to similar effect by the developers of the Linux kernel, the world’s most widely-used GPLv2 program, today’s announcement establishes a broad consensus in favor of the “notice and cure period” approach to first-time infringement issues that Richard Stallman and I adopted in GPLv3 more than a decade ago. This adoption of GPLv3’s approach for GPLv2 programs is an enormously important step in securing the long-term viability of copyleft licensing. All computer users who wish to see their rights respected by the technology they use are better off.

GPLv2, which was written by Richard Stallman and Jerry Cohen, is a masterpiece of legal innovation and durability. First released in mid-1991, GPLv2 transformed thinking around the world about the viability of copyright commons, and gave birth to a range of “share alike” licensing institutions, not only for software but for all forms of digital culture. It is still in unmodified use after more than a quarter-century, attaining a degree of institutional stability more often associated with statutes and constitutions than with transactional documents like copyright licenses.

In the early years of free software, building respect for GPL’s copyleft requirements could not have occurred without the automatic termination of the license in the event of breach, as called for in GPLv2 § 4. The leverage created by automatic termination was necessary to prevent parties from exhausting the scant resources Richard Stallman and I had available to ensure compliant distribution of copylefted software.

But by the middle of last decade, when Richard and I began intensive work on drafting, publicly discussing, and promulgating GPLv3, automatic termination clearly posed offsetting risks that reduced its value. The scale of free software’s adoption—orders of magnitude larger than could be forecast in 1991, and in particular the immense adoption of embedded free software in physical devices—made automatic termination a risk difficult to manage. Potentially hundreds of automatically-terminated licenses in a device stack resulting from an inadvertent error in the packaging of the device, and other similar cases, might well drive manufacturers away from copyleft altogether. Hence our decision to adopt a brief “cure period” after notice of first-time infringement, allowing parties to come into compliance without loss of rights to distribute, in GPLv3 § 8.

With respect to GPLv3, this modified termination approach has served well since the adoption of the license in 2007. Problems of “on again, off again” sham compliance have not appeared, because only the first infringement is subject to the “notice and cure period” provision. Negotiated settlement through non-contentious dialogue has remained the primary mode of securing respect for the license’s terms. Few issues of widespread or persistent violation of GPLv3’s terms have been seen, suggesting that the balance struck in GPLv3 § 8 has been at little or no cost to the protection of users’ rights.

The persistence of automatic termination under GPLv2 § 4, however, has caused problems of the types that Richard Stallman and I foresaw last decade. Both opportunistic monetizing and overzealous litigious enforcement have occurred. The perception of “copyright trolling” has created pressure among manufacturers to move away from copylefted programs to “permissively” licensed substitutes. Litigation designed to bring public attention to zealously committed enforcers, but brought on insufficient preparation, has been lost in the early stage for evident inadequacy of proof, thus destroying the reputation for infallible legal accuracy that Richard and I painstakingly constructed over decades. The overall result has been less respect for copyleft.

Anytime a copylefted computer program is replaced in someone’s device by a “permissively-licensed” program, that person loses some of her rights. Pressure against copyleft is now increasingly reducing users’ rights to see crucial source code in the devices that increasingly run their lives.

Moving to GPLv3-style termination for GPLv2 programs will provide better legal certainty for manufacturers and users, without any cost to the rights-protection function of copyleft, as our experience with GPLv3 has shown. The Linux kernel developers, the Free Software Foundation, and other community parties have backed this change. The Linux Foundation has used its influence as the industry’s most important trade association to promote and further it. Now, some of the largest makers and distributors of GPLv2 software in the global IT industry have turned that community consensus into enforceable legal commitments of their own. Red Hat’s involvement in these issues goes back to their presence in the GPLv3 public discussion process, as does IBM’s. Its leadership role in the present coalition is born of long consideration.

I hope that other leading industry parties who use GPLv2 as a license for software they produce will soon join this coalition. By doing so, they will be helping all of us, producers and users, to maintain the health of the copyleft ecosystem. The importance of copyleft in protecting the privacy and other civil rights of users has never been clearer, in the long history of the free software movement and its licenses, than it is right now.

Please email any comments on this entry to press@softwarefreedom.org.

Other SFLC blog entries...