GPLv3

Comment 234: No permission for illegal acts?

Regarding the text: no permission is given to distribute covered works that illegally invade users' privacy
In section: gpl3.drm.p0.s3
Submitted by: swehner on 2006-01-16 at 17:15 EST
6 agree: proski, neroden, pitrou, tsmithe, catzi, fej
noted by swehner on 2006-01-16 at 17:15 EST:

Why would a license declare that no permission is given to commit illegal acts?

noted by mortis on 2006-03-01 at 15:27 EST:

No it declares that DISTRIBUTION of works that commit illegal acts is disallowed. As such it is this part of the license-text that makes distribution of such works illegal as well.

noted by massa on 2006-05-17 at 14:14 EDT:

Anyway, many invasions of privacy are LEGAL. BUT, what is the legal definition of "invasion of privacy"? -- this is a more serious issue.

collapse children

Comment 251: Open Source Definition - 6 6. No Discrimination Against Fields of Endeavor

Regarding the text: that illegally invade users' privacy
In section: gpl3.drm.p0.s3
Submitted by: jamesmcg on 2006-01-16 at 20:29 EST
1 agree: coldwind
noted by jamesmcg on 2006-01-16 at 20:29 EST:

I admit I'm somewhat clueless about the specifics of privacy laws (both in the UK or elseware). This seems to imply that you may not distrabute spyware or DRM monitoring systems under the GPL, or by inference modify existing GPL code to become spyware / DRM monitoring apps and then distrabute that. I'm not pro-spyware, would this clause make GPLv3 incompatable with the 6th clause of the open source definition: 6. No Discrimination Against Fields of Endeavor The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research. In the Sony DRM case, one of the features of their CD player software is that it would look to see which CD was playing then make a HTTP request to a Sony server to lookup extra album information, the HTTP requests are then logged by the webserver along with IP address and the privacy implications there (How much consent and/or knowledge is needed from the end user of the feature before its becomes legal/illegal).

Now Assume that I add a feature (maybe it already exists) to GPLv3 XMMS to do a lookup on www.freedb.org based on the currently playing MP3 or OGG. Does this raise privacy implications, I guess not as many. So where is the source of the problem here, is it that the media player software performs automattic HTTP requests based on its other activities, is it at the webserver end because it performs logging, is it because one company controls both the end user software and the webserver performing the logging, or is it simply a matter of trust, we trust the people running www.freedb.org far more than we trust the people at Sony. Assuming everything is running GPLv3 code, and that with everything combined it is considered illegal, on which piece of software would this clause kick in on and prevent redistrabution. The term user is not defined specifically, it could mean the person running the code, or making use of the code (as in a remote user accessing a webserver) - or potentually mean other computer users affected in some way by the code. Take a program like nmap, which does port scanning, is this an illegal invasion of privacy, what if you are running it against military or sensitive computers? Who is the user in this case, is it me because I'm running the code on my computer, or my target who is being scanned (what if the RIAA where to run nmap on every IP to visit www.grokster.com).

Now some tools can be used in many different ways, a combination of an ssh client, a bash loop, a dictionary file and rsync could be used in ways that are very easily invade privacy (and all other data files) on a users machine, though individually and in combination are also very ligitimate tools.

Then you have an intresting possible (though rather insignificant) perversion of the GPLv3. One day Gator Corp (of spyware fame) decides to release all its products under the GPLv3. As copyright holder it can give as many copies as it likes away, but when anybody starts copying the code themselves, they are sued by Gator for violation of section 3 of the GPLv3, "thou shall use use GPLed spyware". I'm pretty sure such a case would be dismissed on the basis of unclean hands, but it only takes one SCO to tie up the court for years. Another potentual issue is with privacy related bugs. I create a app v0.1 which I later find has a fairly serious privacy flaw. I correct this in v0.2, but does this now mean that others can no longer distrabute v0.1 of my code.

noted by jsmith on 2006-01-16 at 21:42 EST:

Everybody is asying that this clkause is stupid. If it is illegal, then the licence does not need to say it.

RMS: This better not be in draft 2!

collapse children

Comment 257: Redundant statement

Regarding the text: no permission is given to distribute covered works that illegally invade users' privacy
In section: gpl3.drm.p0.s3
Submitted by: jblack (of Committee D) on 2006-01-16 at 21:16 EST
4 agree: proski, neroden, massa, andrewpm
noted by jblack (of Committee D) on 2006-01-16 at 21:16 EST:

The draft already clearly indicates in other places that this license does not allow for illegal activities.

noted by joe on 2006-01-16 at 22:05 EST:

Maybe I'm missing something, but, in general (not just regarding this section), what possible business does the GNU GPL have in restricting people's ability to break laws or punishing people for doing so?

If the law in question is in force in their jurisdiction, the courts (not us) should metre out the appropriate punishment, and, if it isn't in force in their jurisdiction, it is usually unfair for them to be punished for breaking it.

collapse children

Comment 485: redundant (& hence harmful)

Regarding the text: no permission is given to distribute covered works that illegally
In section: gpl3.drm.p0.s3
Submitted by: pjrm on 2006-01-18 at 07:49 EST
5 agree: proski, neroden, davelab6, andrewpm, fej
noted by pjrm on 2006-01-18 at 07:49 EST:

I see no point for a license to withold permission to do what is already illegal.

I object to the many legal documents (conditions of use etc.) that forbid doing illegal things, and do not want the GNU GPL to lend weight to such clauses. Such clauses make the document harder to read, and hence fewer people read the document, and hence it is easier to get people to agree to objectionable terms.

noted by mlybbert on 2006-01-18 at 15:55 EST:

I believe the reasoning is "we don't want any licensee claiming 'but the GPL made me do it!'"

I agree that lawyers and judges realize that legal documents can't force you to break the law. But many non-lawyers don't recognize this.

To bring up a politically-charged issue, remember the number of reporters claiming that they had to protect their sources in the Plame issue because they had enforceable contracts to do so. Any lawyer would say "that contract may have been legal when it was made, but now 'protecting your sources' is illegal in your case so the contract is no longer valid, just as if you had a long-standing contract to supply a product that was later banned your contract would no longer be binding."

noted by pde on 2006-01-18 at 23:00 EST:

pjrm: I think your concern is a valid one. The only case I can think of in which it is helpful to add a second layer of privacy protection is where it allows a different party to file a lawsuit over that privacy violation.

noted by massa on 2006-05-17 at 14:25 EDT:

There are deeper problems with this sentence:

1. it is about privacy, but it is buried inside the DRM section, that is related to the subject of privacy, but not _about_ it.

2. nor the license nor the body of law in many jurisdictions define exactly what is privacy, nor which are the privacy rights and expectations of the individuals, nor which are the exceptions to those rights.

2a. maybe those definitions are out of the scope of the GPLv3.

3. there are privacy-invasion acts that are illegal -- and there are those that are legal (like a wiretap authorized by a judge, or a surveillance camera on a street). which acts are being banned by this sentence?

4. last but not least, even if a program _can_ be used to invade the privacy of others, exist the possibility that such program is not _intended_ to be used in such a fashion, and that its primary function is not simply invading the privacy of others, or that to fulfill its primary function, as a collateral, the program _can_ be used to invade the privacy of others (example: nmap and other security scanners). Are those programs banned?

collapse children

Comment 614: Purpose of this text?

Regarding the text: Regardless of any other provision of this license, no permission is given to distribute covered works that illegally invade users' privacy,
In section: gpl3.drm.p0.s3
Submitted by: pde on 2006-01-20 at 21:00 EST
4 agree: proski, neroden, andrewpm, fej
noted by pde on 2006-01-20 at 21:00 EST:

Can anyone involved in the drafting process shed some light on the intention of this language?

noted by pde on 2006-01-20 at 21:01 EST:

Was it about moderating the effect of the following paragraph? In that case, does my suggestion of limiting that following paragraph to "legally published" data or works help?

noted by pde on 2006-01-20 at 21:04 EST:

Or was it about trying to stop rootkits, spyware and other creepy crawlies included as part of DRM systems? If that was the case, as others have noted, it shouldn't be limited to "illegal" invasion of privacy. Perhaps some expanded and clarified language (a whole paragraph?) could better achieve such an objective?

noted by pochini on 2006-01-22 at 13:15 EST:

1) GPL is about distribution. It should not rule what programs can do.

2) Privacy is a term that depends on the law. In some countries privacy may not be a right at all. This makes the clause almost useless.

noted by apm on 2006-01-23 at 07:21 EST:

The subject text is totally redundant and will only cause confusions. What the SONY rootkit did was almost certainly illegal, but there's no point in having a license forbidding something which is illegal by law. And there is no way you can decide from the source code alone whether is it going to be used illegaly. This text is probably the most obvious candidate for deletion from the draft.

collapse children