Microsoft's anti-GPL offensive this summer has sparked renewed speculation about whether the GPL is "enforceable." This particular example of "FUD" (fear, uncertainty and doubt) is always a little amusing to me. I'm the only lawyer on earth who can say this, I suppose, but it makes me wonder what everyone's wondering about: Enforcing the

target="_blank">GPL is something that I do all the time.

Because free software is an unorthodox concept in contemporary society, people tend to assume that such an atypical goal must be pursued using unusually ingenious, and therefore fragile, legal machinery. But the assumption is faulty. The goal of the Free Software Foundation in designing and publishing the GPL, is unfortunately unusual: we're reshaping how programs are made in order to give everyone the right to understand, repair, improve, and redistribute the best-quality software on earth. This is a transformative enterprise; it shows how in the new, networked society traditional ways of doing business can be displaced by completely different models of production and distribution. But the GPL, the legal device that makes everything else possible, is a very robust machine precisely because it is made of the simplest working parts.

The essence of copyright law, like other systems of property rules, is the power to exclude. The copyright holder is legally empowered to exclude all others from copying, distributing, and making derivative works.

This right to exclude implies an equally large power to license -- that is, to grant permission to do what would otherwise be forbidden. Licenses are not contracts: the work's user is obliged to remain within the bounds of the license not because she voluntarily promised, but because she doesn't have any right to act at all except as the license permits.

But most proprietary software companies want more power than copyright alone gives them. These companies say their software is "licensed" to consumers, but the license contains obligations that copyright law knows nothing about. Software you're not allowed to understand, for example, often requires you to agree not to decompile it. Copyright law doesn't prohibit decompilation, the prohibition is just a contract term you agree to as a condition of getting the software when you buy the product under shrink wrap in a store, or accept a "clickwrap license" on line. Copyright is just leverage for taking even more away from users.

The GPL, on the other hand, subtracts from copyright rather than adding to it. The license doesn't have to be complicated, because we try to control users as little as possible. Copyright grants publishers power to forbid users to exercise rights to copy, modify, and distribute that we believe all users should have; the GPL thus relaxes almost all the restrictions of the copyright system. The only thing we absolutely require is that anyone distributing GPL'd works or works made from GPL'd works distribute in turn under GPL. That condition is a very minor restriction, from the copyright point of view. Much more restrictive licenses are routinely held enforceable: every license involved in every single copyright lawsuit is more restrictive than the GPL.

Because there's nothing complex or controversial about the license's substantive provisions, I have never even seen a serious argument that the GPL exceeds a licensor's powers. But it is sometimes said that the GPL can't be enforced because users haven't "accepted" it.

This claim is based on a misunderstanding. The license does not require anyone to accept it in order to acquire, install, use, inspect, or even experimentally modify GPL'd software. All of those activities are either forbidden or controlled by proprietary software firms, so they require you to accept a license, including contractual provisions outside the reach of copyright, before you can use their works. The free software movement thinks all those activities are rights, which all users ought to have; we don't even want to cover those activities by license. Almost everyone who uses GPL'd software from day to day needs no license, and accepts none. The GPL only obliges you if you distribute software made from GPL'd code, and only needs to be accepted when redistribution occurs. And because no one can ever redistribute without a license, we can safely presume that anyone redistributing GPL'd software intended to accept the GPL. After all, the GPL requires each copy of covered software to include the license text, so everyone is fully informed.

Despite the FUD, as a copyright license the GPL is absolutely solid. That's why I've been able to enforce it dozens of times over nearly ten years, without ever going to court.

Meanwhile, much murmuring has been going on in recent months to the supposed effect that the absence of judicial enforcement, in US or other courts, somehow demonstrates that there is something wrong with the GPL, that its unusual policy goal is implemented in a technically indefensible way, or that the Free Software Foundation, which authors the license, is afraid of testing it in court. Precisely the reverse is true. We do not find ourselves taking the GPL to court because no one has yet been willing to risk contesting it with us there.

So what happens when the GPL is violated? With software for which the Free Software Foundation holds the copyright (either because we wrote the programs in the first place, or because free software authors have assigned us the copyright, in order to take advantage of our expertise in protecting their software's freedom), the first step is a report, usually received by email to license-violation@gnu.org.
We ask the reporters of violations to help us establish necessary facts, and then we conduct whatever further investigation is required.

We reach this stage dozens of times a year. A quiet initial contact is usually sufficient to resolve the problem. Parties thought they were complying with GPL, and are pleased to follow advice on the correction of an error. Sometimes, however, we believe that confidence-building measures will be required, because the scale of the violation or its persistence in time makes mere voluntary compliance insufficient. In such situations we work with organizations to establish GPL-compliance programs within their enterprises, led by senior managers who report to us, and directly to their enterprises' managing boards, regularly. In particularly complex cases, we have sometimes insisted upon measures that would make subsequent judicial enforcement simple and rapid in the event of future violation.

In approximately a decade of enforcing the GPL, I have never insisted on payment of damages to the Foundation for violation of the license, and I have rarely required public admission of wrongdoing. Our position has always been that compliance with the license, and security for future good behavior, are the most important goals. We have done everything to make it easy for violators to comply, and we have offered oblivion with respect to past faults.

In the early years of the free software movement, this was probably the only strategy available. Expensive and burdensome litigation might have destroyed the FSF, or at least prevented it from doing what we knew was necessary to make the free software movement the permanent force in reshaping the software industry that it has now become. Over time, however, we persisted in our approach to license enforcement not because we had to, but because it worked. An entire industry grew up around free software, all of whose participants understood the overwhelming importance of the GPL -- no one wanted to be seen as the villain who stole free software, and no one wanted to be the customer, business partner, or even employee of such a bad actor. Faced with a choice between compliance without publicity or a campaign of bad publicity and a litigation battle they could not win, violators chose not to play it the hard way.

We have even, once or twice, faced enterprises which, under US copyright law, were engaged in deliberate, criminal copyright infringement: taking the source code of GPL'd software, recompiling it with an attempt to conceal its origin, and offering it for sale as a proprietary product. I have assisted free software developers other than the FSF to deal with such problems, which we have resolved -- since the criminal infringer would not voluntarily desist and, in the cases I have in mind, legal technicalities prevented actual criminal prosecution of the violators -- by talking to redistributors and potential customers. "Why would you want to pay serious money," we have asked, "for software that infringes our license and will bog you down in complex legal problems, when you can have the real thing for free?" Customers have never failed to see the pertinence of the question. The stealing of free software is one place where, indeed, crime doesn't pay.

But perhaps we have succeeded too well. If I had used the courts to enforce the GPL years ago, Microsoft's whispering would now be falling on deaf ears. Just this month I have been working on a couple of moderately sticky situations. "Look," I say, "at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?"

Someday someone will. But that someone's customers are going to go elsewhere, talented technologists who don't want their own reputations associated with such an enterprise will quit, and bad publicity will smother them. And that's all before we even walk into court. The first person who tries it will certainly wish he hadn't. Our way of doing law has been as unusual as our way of doing software, but that's just the point. Free software matters because it turns out that the different way is the right way after all.

---

Eben Moglen is professor of law and legal history at Columbia University Law School. He serves without fee as General Counsel of the Free Software Foundation.

---

Copyright © 2001 Eben Moglen -- Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

---

Related stories:

• Lineo launches 'anti-FUD' campaign with license ID tool
  
• Open source licenses
  
• Microsoft, Red Hat argue open source
  
• "The Great Open Source Debate" to be telecast today
  
• Open-source leaders fire new salvo at Microsoft
  
• Free Software Leaders Stand Together
  
• ELC blasts Microsoft's OSS attack
  
• Text of Microsoft's anti-OSS speech
  
• Microsoft raps open source approach
  
• Lineo fires back at Microsoft FUD
  
• Microsoft criticized for attacks on open source
  
• Using GPL software in embedded applications
  
• What's so good about open source and Linux -- in embedded?
  
• The GNU General Public License
  
• Wind River worries about GPL in embedded apps
  
• Open source is un-American? "Stop, you're killing me!"
  
• The GNU GPL and the American Way
  
• Using GPL software in embedded applications
  
• Free Software Foundation & FSMLabs resolve GPL dispute
  
• RTLinux leader: GPL violation may be a mix-up
  
• Free Software Foundation: RTLinux license violates GPL
  
• Yodaiken unveils RTLinux patent license
  
• Victor Yodaiken on "The Infamous RTLinux Patent"
  
• A developer's perspective on the RTLinux patent
  
• Editorial: GPL and patents are like oil and water
  
• RTLinux patent knocks over first domino?
  
• License deal pulls Lineo into patent row

Talk back! Do you have a question or comment on this story? talkback here

Discuss Guest editorial: Enforcing the GNU GPL   >>> Be the FIRST to comment on this article!

>>> More Linux For Devices Articles Articles          >>> More By Eben Moglen