Linux programmer wins legal victory

German court supports effort to enforce the GPL, which governs countless projects in the free and open-source software realms.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
5 min read
A Linux programmer has reported a legal victory in Germany in enforcing the General Public License, which governs countless projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called "initrd" to which Harald Welte holds the copyright.

In addition to being a Linux programmer, Welte runs an operation called the GPL Violations project that attempts to encourage companies shipping products incorporating GPL software to abide by the license terms. The license lets anyone use GPL software in products without paying a fee, but it requires that they provide the underlying source code for the GPL components when they ship such a product.


What's new:
A German court agreed with a Linux programmer's contention that a California security appliance maker called Fortinet needs to comply with the terms of the General Public License.

Bottom line:
The case adds new legal weight to the GPL, the legal foundation for Linux and countless other projects in the open-source and free software realms. It also shows some computer industry growing pains from adopting open-source software.

More stories on the GPL

The case highlights the ease with which open-source software can spread across the computing industry--but also the growing pains that companies face as they adjust to new legal concepts underlying the collaborative programming approach.

Fortinet, based in Sunnyvale, Calif., said in a statement it's addressing the issue but is surprised that Welte resorted to legal action.

"Fortinet recently became aware of Mr. Welte's allegations and has, in good faith, been diligently working with him to resolve this matter outside of the German court system. Fortinet is actively taking steps to ensure that its products are compliant with GPL requirements. Therefore, Fortinet is surprised that Mr. Welte pursued a preliminary injunction against Fortinet in Germany and believes that this is an unnecessary action," the company said. "Fortinet is continuing its efforts to expeditiously resolve this matter with Mr. Welte."

Welte has said he doesn't object to corporate use of open-source software; he just wants it to be done properly. Welte first notifies companies of his accusations before beginning legal action, he said. In the case of Fortinet, the GPL Violations project informed the company of its concerns March 17, but "out-of-court negotiations on a settlement failed to conclude in a timely manner," the project said in a statement.

In March, Welte sent similar letters to multiple companies exhibiting at the CeBit trade show. And a year ago, he won a ruling against Sitecom in a case similar to that of Fortinet.

Fortinet uses Linux in the operating system included in its FortiGate and FortiWiFi products, the project said. "FortiOS is using the Linux operating system kernel and numerous other free software products that are licensed exclusively under the GNU GPL. This information was not disclosed by Fortinet," the GPL Violations project said.

Most actions by GPL Violation have been against European or Asian companies, and the Sitecom and Fortinet cases don't have direct repercussions outside Germany. But the actions this year also have targeted corporations in the United States--an indication that case law around the GPL could also start building soon in the world's largest computing technology market.

"Generally, corporations are becoming more conscious of the issues surrounding the GPL," said Brian Kelly, an intellectual-property attorney with Manatt, Phelps & Phillips. "The process of clarifying the

terms and limitations of the GPL through litigation will likely seem interminably long to industry watchers, but this latest result suggests that the process in the United States is soon to begin."

There could be several reasons companies don't release source code for GPL software that they include in products. They might not be aware of the GPL's provisions, thinking that software it governs is merely in the public domain. They might have software enhancements they want to keep secret. Or they might simply be using software from a third party and not even know it contains GPL components.

Open education
Activities to inform the computing industry about open-source licenses have become common. Attorneys could get continuing-education credit for two days of speeches on legal matters at the Open Source Business Conference this month, for example, and Linux seller Red Hat has just posted a video of its in-house lawyer discussing various licenses.

However, it's hard to tell whether GPL violations are decreasing, Welte said in an interview. "The number of cases I know about is always rising, but my guess is that this is mainly because the GPL Violations project becomes more known to the community, and therefore I receive more user reports (from people) who find GPL-licensed software in products they have bought."

And Welte said he wasn't happy with the response to the letters he delivered to company representatives at CeBit.

"Most of them failed to create any form of reaction on behalf of the companies. It's very sad to see that in most cases nobody would even start to listen to you unless you sent it via a lawyer," Welte said.

Without access to the underlying source code, Welte often has to work hard to find out if GPL software is used in a product. In Fortinet's case, the use of GPL software was unusually difficult to verify, because the company had encrypted it, Welte said. It took 40 hours of work to ferret out the information, he said.

The next step in the legal proceedings depends on Fortinet's response, Welte said. "If they do not appeal and (begin to) distribute products according to the license, then the case is basically closed, and they will have to pay all expenses. If they choose to appeal, or ignore the court order, then the case will continue," he said.

Initrd is a module essential to the process of starting up a Linux computer. Welte also has helped write the netfilter/iptables software that provides Linux with protective firewall abilities.

Welte didn't write initrd, but author Werner Almesberger transferred copyright on the software to him earlier in 2005, Welte said.

The court said Fortinet would have to pay a fine of five to 250,000 euros and that employees would face up to 6 months imprisonment for violation of the injunction. In addition, the company is responsible for Welte's legal fees.

The General Public License is 14 years old, but its creator, the Free Software Foundation, has begun an effort to modernize it.

Regardless how the Fortinet case turns out, one message is clear, said Mark Radcliffe, an intellectual-property attorney with DLA Piper Rudnick Gray Cary and legal counsel for the Open Source Initiative.

"In any case," Racliffe said, "companies obviously need to be more attentive to the possible use of GPL code in their products."