Regarding the text:no permission is given to distribute covered works that illegally invade users' privacy, In section: gpl3.drm.p0.s3 Submitted by: fontana (SFLC Attorney) on 2006-04-30 at 16:00 EDT
1 agree: fej
noted by fontana (SFLC Attorney) on 2006-04-30 at 16:00 EDT:
Some comments suggest that it is too difficult to determine when a work is one that illegally invades users' privacy. An invasion of privacy may be inadvertent, unintentional or incidental. When an invasion of privacy does occur, it may be in circumstances in which it is not clear which of several interacting programs is responsible for the invasion. Moreover, much software is susceptible to illegal privacy-invading uses.
Queue changed from Inbox to Issues by fontana (SFLC Attorney) on 2006-04-30 at 16:01 EDT
Member ticket #369 added by fontana (SFLC Attorney) on 2006-04-30 at 16:03 EDT
Member ticket #614 added by fontana (SFLC Attorney) on 2006-04-30 at 16:03 EDT
Member ticket #566 added by fontana (SFLC Attorney) on 2006-04-30 at 16:03 EDT
Member ticket #251 added by fontana (SFLC Attorney) on 2006-04-30 at 16:03 EDT
Member ticket #236 added by fontana (SFLC Attorney) on 2006-04-30 at 16:03 EDT
Regarding the text:no permission is given to distribute covered works that illegally invade users' privacy In section: gpl3.drm.p0.s3 Submitted by: kopon 2006-01-16 at 17:27 EST
5 agree: orion, proski, Jastiv, neroden, andrewpm
noted by kopon 2006-01-16 at 17:27 EST:
Frankly, this clause seems off-topic. Why not, for instance, deny distribution to covered works that are components of weapons of mass destruction? The whole issue of what constitutes privacy is something of an open issue these days, when everybody submits their corporate shopping ID at the grocery store checkout counter and thinks nothing of having their most everyday habits and activities tracked, profiled, and distributed to anyone willing to pay for them.
Regarding the text:that illegally invade users' privacy In section: gpl3.drm.p0.s3 Submitted by: jamesmcgon 2006-01-16 at 20:29 EST
1 agree: coldwind
noted by jamesmcgon 2006-01-16 at 20:29 EST:
I admit I'm somewhat clueless about the specifics of privacy laws (both in the UK or elseware). This seems to imply that you may not distrabute spyware or DRM monitoring systems under the GPL, or by inference modify existing GPL code to become spyware / DRM monitoring apps and then distrabute that.
I'm not pro-spyware, would this clause make GPLv3 incompatable with the 6th clause of the open source definition:
6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
In the Sony DRM case, one of the features of their CD player software is that it would look to see which CD was playing then make a HTTP request to a Sony server to lookup extra album information, the HTTP requests are then logged by the webserver along with IP address and the privacy implications there (How much consent and/or knowledge is needed from the end user of the feature before its becomes legal/illegal).
Now Assume that I add a feature (maybe it already exists) to GPLv3 XMMS to do a lookup on www.freedb.org based on the currently playing MP3 or OGG. Does this raise privacy implications, I guess not as many. So where is the source of the problem here, is it that the media player software performs automattic HTTP requests based on its other activities, is it at the webserver end because it performs logging, is it because one company controls both the end user software and the webserver performing the logging, or is it simply a matter of trust, we trust the people running www.freedb.org far more than we trust the people at Sony. Assuming everything is running GPLv3 code, and that with everything combined it is considered illegal, on which piece of software would this clause kick in on and prevent redistrabution.
The term user is not defined specifically, it could mean the person running the code, or making use of the code (as in a remote user accessing a webserver) - or potentually mean other computer users affected in some way by the code. Take a program like nmap, which does port scanning, is this an illegal invasion of privacy, what if you are running it against military or sensitive computers? Who is the user in this case, is it me because I'm running the code on my computer, or my target who is being scanned (what if the RIAA where to run nmap on every IP to visit www.grokster.com).
Now some tools can be used in many different ways, a combination of an ssh client, a bash loop, a dictionary file and rsync could be used in ways that are very easily invade privacy (and all other data files) on a users machine, though individually and in combination are also very ligitimate tools.
Then you have an intresting possible (though rather insignificant) perversion of the GPLv3. One day Gator Corp (of spyware fame) decides to release all its products under the GPLv3. As copyright holder it can give as many copies as it likes away, but when anybody starts copying the code themselves, they are sued by Gator for violation of section 3 of the GPLv3, "thou shall use use GPLed spyware". I'm pretty sure such a case would be dismissed on the basis of unclean hands, but it only takes one SCO to tie up the court for years.
Another potentual issue is with privacy related bugs. I create a app v0.1 which I later find has a fairly serious privacy flaw. I correct this in v0.2, but does this now mean that others can no longer distrabute v0.1 of my code.
Regarding the text:Regardless of any other provision of this license, no permission is given to distribute covered works that illegally invade users' privacy, In section: gpl3.drm.p0.s3 Submitted by: pdeon 2006-01-20 at 21:00 EST
4 agree: proski, neroden, andrewpm, fej
noted by pdeon 2006-01-20 at 21:00 EST:
Can anyone involved in the drafting process shed some light on the intention of this language?
Was it about moderating the effect of the following paragraph? In that
case, does my suggestion of limiting that following paragraph to
"legally published" data or works help?
Or was it about trying to stop rootkits, spyware and other creepy
crawlies included as part of DRM systems? If that was the case, as
others have noted, it shouldn't be limited to "illegal" invasion of
privacy. Perhaps some expanded and clarified language (a whole
paragraph?) could better achieve such an objective?
The subject text is totally redundant and will only cause confusions.
What the SONY rootkit did was almost certainly illegal, but there's no
point in having a license forbidding something which is illegal by law.
And there is no way you can decide from the source code alone whether is
it going to be used illegaly. This text is probably the most obvious
candidate for deletion from the draft.
Issue 1131: Difficulty of determining when a work is one that "invades users' privacy" (and when that rises to the level of illegality)
This Issue is part of the discussion on:#1136: (fontana) Umbrella issue for objections to this provision
Regarding the text:
In section: gpl3.drm.p0.s3
Submitted by: fontana (SFLC Attorney) on 2006-04-30 at 16:00 EDT
1 agree: fej
noted by fontana (SFLC Attorney) on 2006-04-30 at 16:00 EDT:
collapse children
Child comment of 1131: 236: Privacy is outside the scope of the 4 freedoms ±
Comment 236: Privacy is outside the scope of the 4 freedoms
Regarding the text:
In section: gpl3.drm.p0.s3
Submitted by: kop on 2006-01-16 at 17:27 EST
5 agree: orion, proski, Jastiv, neroden, andrewpm
noted by kop on 2006-01-16 at 17:27 EST:
collapse children
Comment 251: Open Source Definition - 6 6. No Discrimination Against Fields of Endeavor
Regarding the text:
In section: gpl3.drm.p0.s3
Submitted by: jamesmcg on 2006-01-16 at 20:29 EST
1 agree: coldwind
noted by jamesmcg on 2006-01-16 at 20:29 EST: noted by jsmith on 2006-01-16 at 21:42 EST:
collapse children
Comment 614: Purpose of this text?
Regarding the text:
In section: gpl3.drm.p0.s3
Submitted by: pde on 2006-01-20 at 21:00 EST
4 agree: proski, neroden, andrewpm, fej
noted by pde on 2006-01-20 at 21:00 EST: noted by pde on 2006-01-20 at 21:01 EST: noted by pde on 2006-01-20 at 21:04 EST: noted by pochini on 2006-01-22 at 13:15 EST: noted by apm on 2006-01-23 at 07:21 EST:
collapse children