Closing the Door on Open Source for the Internet Appliance? Licensing Considerations as a Response to Anti-Tivoization - John Heidenreich
The Kenneth J. Germeshausen Center, created in 1985 through the generosity of Kenneth J. and Pauline Germeshausen, is the umbrella organization for Pierce Law's intellectual property specializations. Today the Germeshausen Center is a driving force in the study of international and national intellectual property law and the transfer of technology. It acts as a resource to business as well as scientific, legal and governmental interests in patent, trademark, trade secret, licensing, copyright, computer law and related fields.
The Center bears the name of its benefactor Kenneth J. Germeshausen, one of New England's pioneering inventors and professor of electrical engineering at Massachusetts Institute of Technology. Germeshausen was also co-founder of the international high technology firm of EG&G.
Closing the Door on Open Source for the Internet Appliance? Licensing Considerations as a Response to Anti-Tivoization - John Heidenreich
An internet appliance is a consumer electronics device defined for a specific activity that facilitates ease of access to various integrated internet information services.[i] Developments in the area of microprocessor technology have fueled the growth of these ubiquitous systems into every area of our lives.[ii] Small microprocessors live everywhere from printers, answering machines, thermostats, and wristwatches to even household appliances such as refrigerators. The ability for these systems to communicate over networks is an increasingly common feature, which has given rise to a market for distributing content and services to these devices. Many internet appliance developers rely on a service provider model, where selling hardware and software are ancillary to their primary source of revenue, providing network services.[iii]
Internet appliance developers that generate revenue through network services subscriptions often rely on open source software for a variety of reasons, including its attractive price tag.[iv] The cost to develop a customized from the ground up system or to purchase a solution from a third party can act as a barrier for entry into the market. Due to the significant initial investment required for hardware, these companies may face significant financial exposure before having sold a single subscription. Such companies rely financially on selling services, and may release their software under an open source license as a loss leader to drive revenues from up-selling services.[v] One notorious example of this model is the TiVo® set-top box, which uses a derivative extension of the open source Linux operating system as its internal software platform.[vi] According to the requirements of the GPL the open source software license under which Linux is distributed TiVo must redistribute any changes made to Linux for free.[vii]
A threat to the service provider model is users ability to modify the open source software to circumvent the intended use of these devices.[viii] Although service providers built and sold the hardware at discount rates with the expectation that users would exclusively use the provider s network service, some users modify the software to enable use on non-subscription based networks.[ix] If users are able to manipulate their systems to connect to a rogue server that provides similar services free of charge, the model will be disrupted.[x] Cell phone network providers, for example, do not find it profitable to allow users to switch to other providers so they program codes onto their phones to prevent such switching.[xi] While many such network-enabled devices can be built with hardware limitations that restrict devices built for one network from communicating on another, Internet appliances do not have this limitation since they are built to communicate using the web s TCP/IP standard protocol. In light of this threat, it is vital for service providers to protect their revenue generating channels.
Lawrence Lessig identifies four constraints that regulate online behavior: the law, the market, social norms, and architecture.[xii] A great deal of emphasis is placed on the law and architecture as regulatory devices. Those internet appliance developers that have adopted the services distribution model for generating revenue, such as TiVo, look to both the law and to architecture as means for regulating their control of the online services they sell.
With regard to architectural regulation, hardware based technical control measures are often used in an attempt to secure and control the services model for network enabled consumer electronics. TiVo in particular has established a series of hardware constraints that they refer to as a chain of trust for software running in their Digital Video Recorder (DVR).[xiii] This chain of trust ensures that modified software cannot run on their Internet appliance. This practice has been dubbed tivoization. [xiv]
Additionally legal regulation can protect businesses that profit from distributing content to consumer electronics devices. Copyright owners can keep users from accessing other channels through control mechanisms by embedding access and control schemes in the work itself. Anti-circumvention legislation was signed into law in the U.S. and implemented as a part of the Digital Millennium Copyright Act ("DMCA"). Circumventing any sort of access mechanism or even distributing programs that circumvent copy control and access mechanisms is illegal according to section 1201 of this act. Recently courts have demonstrated that the DCMA s anti-circumvention provisions are an effective means for businesses to control the use of their distribution channels.[xv]
Copyrights of many Linux GPL projects have been assigned to the Free Software Foundation (FSF), a non-profit organization. FSF controls the direction of the GPL license. FSF tends to describe the virtues of the licensing agreement in philosophical tones, extolling the virtues of freedom. FSF believes that the GPL is an effective means of ensuring that open source software should never be used exclusively by a group under a proprietary scheme.[xvi] In 2007, for the first time in 16 years, FSF released a new version of the GPL (GPLv3) to address what they saw as unjustified use of GPL software by internet appliance developers such as TiVo.[xvii] GPLv3 includes provisions, which specifically restrict loading code modifications on the devices and from enforcing anti-circumvention provisions.[xviii] These terms are referred to as anti-tivoization measures. [xix]
The choice of a licensing model such as GPLv2, which does not expressly restrict tivoization, was a risk for internet appliance service providers because their business model relied on a violation of the FSF s view that tivoization is not in accord with their ideals of software freedom.[xx] As subsequent versions of the GPL become stricter in their implementation of FSF views, product developers who have relied on previous versions of the GPL will be unable to take advantage of new code released under projects that upgrade their licensing to GPLv3, unless their derivative works also adopt this later version.[xxi]
New provisions in GPLv3 were implemented in order to enforce this view on all code released under the new licensing agreement and to undermine the effect of these laws.[xxii] Software licensed under GPLv3 waives the right of its owner to prevent the circumvention of any technical protection measures (i.e. TiVo s chain of trust ).[xxiii] Section 3 reads: No covered work shall be deemed part of an effective technological measure under any applicable law . . . . When you convey a covered work, you waive any legal power to forbid circumvention of technological measures . . . . [xxiv] Such a provision has the effect of eliminating circumvention protection under the DMCA, leaving the service model in danger of circumvention when using this license.
Understanding the limitations and risks associated with using open source software involves understanding the intent of the software s licensing agreement. The intent of the agreement dictates the permissible use, as opposed to relying on clever loopholes to get around the intent of the licensor.[xxv] With the end goal of providing services in mind, more permissive open source licensing models such as BSD, as well as traditional proprietary software licensing models should be considered. Major players in the consumer electronics industry who have adopted open source in order to support a service provider model, without regard to the intent of the software license, may be required to make significant changes to their approach of using open source platforms such as Linux. Service providers in the consumer electronics industry who fail to consider alternatives to their approach to open source software may ultimately undermine their own business model.
John Heidenreich, J.D. Candidate, 2010, holds a Master's Degree in Computing Studies with an emphasis in Software Engineering from Arizona State and a Bachelor's in Management Information Systems from the University of Arizona. Prior to law school, he worked as a software architect for a technology consulting firm, where he specialized in the area of distributed system architectures. Upon graduation John plans on practicing patent law.
[i] Eric Bergman, Information appliances and beyond: interaction design for consumer products, 3, 4 (Morgan Kaufmann 2000).
[ii] Manfred Schlett, Trends in embedded-microprocessor design, 31 Computer 44, 46 (Aug 1998).
[iii] Paul N. Leroux, Adapting PC Technology to Internet Appliances, Embedded.com, Oct. 9, 2000, http://www.embedded.com/192200800?_requestid=77933.
[iv] See Dirk Riehle, The Economic Motivation of Open Source Software: Stakeholder Perspectives, 40 IEEE Computer 25, 25 (2007), available at http://www.riehle.org/computer-science/research/2007/computer-2007-artic....
[v] Alan Stern & Robin J. Lee, Open Source Licensing in Understanding the Intellectual Property License, 950 PLI/Pat 259, 270 (Practicing Law Institute 2008).
[vi] Id.
[vii] Wanji J. Walcott & Stuart D. Levi, An Overview of Open Source Software Licenses Open Source Software 2008 in Benefits, Risks and Challenges for Software Users, Developers and Investors, 954 PLI/Pat 11, 28 (Practising Law Institute 2008).
[viii] Martin Conaghan, TiVo Desktop 2.3 hack, PVR Wire, June 26, 2006, http://www.pvrwire.com/2006/06/26/tivo-desktop-2-3-hack.
[ix] Id.
[x] Frequently Asked Questions (and Answers) about Anticircumvention (DMCA), ChillingEffects.org, http://www.chillingeffects.org/anticircumvention/faq.cgi (last visited Nov. 12, 2009).
[xi] Frequently Asked Questions About Cell Phone Portability, http://www.consumersunion.org/campaigns/learn_more/000960indiv.html (last visited Nov. 12, 2009).
[xii] Lawrence Lessig, Code and Other Laws of Cyberspace 6 (Basic Books 1999).
[xiii] Jim Barton, From Server Room to Living Room, 1 ACM Queue, July–Aug. 2003, at 5.
[xiv] Stern & Lee, supra note 5, at 11.
[xv] See, e.g., Davidson & Assocs. v. Jung, 422 F.3d 630, 641 (8th Cir. 2005) (upheld a district court ruling users violated the DMCA by bypassing anti-piracy controls by developing free technology that allowed game users to participate against each other in online gaming without having to use the Blizzard s own system).
[xvi] What is free software and why is it so important for society?, http://www.fsf.org/about/what-is-free-software (last visited Nov. 13, 2009).
[xvii] Steven Shankland, Free Software Foundation releases GPL3, ZDNet, June 29, 2007, http://news.zdnet.com/2100-3513_22-152442.html.
[xviii] Id.
[xix] Id.
[xx] Richard Stallman, Why Upgrade to GPLv3, 2007, http:// www.gnu.org/licenses/rms-why-gplv3.html (last visited Nov. 13, 2009) (the FSF viewing DRM as nasty features designed to restrict your use of the data in your computer ).
[xxi] Id.
[xxii] Walcott & Levi, supra note 7, at 28.
[xxiii] See GNU General Public License Version 3, § 3, June 27, 2007, http://www.gnu.org/licenses/gpl.html (last visited Nov. 13, 2009).
[xxiv] Id.
[xxv] Walcott & Levi, supra note 7, at 17.
John Heidenreich (JD '10) holds a Masters Degree in Computing Studies with an emphasis in Software Engineering from Arizona State and a Bachelors in Management Information Systems from the University of Arizona.