​Linux beats legal threat from one of its own developers

Linux has beaten many legal challenges over the years, but until now, it hasn't had to win a battle over one of its own.

Video: Torvalds unimpressed with DRM, GPLv3

The rising tension between IoT and ERP systems

The Internet of Things is the new frontier. However, generations of ERP systems were not designed to handle global networks of sensors and devices.

Read More

In a German court earlier this week, former Linux developer Patrick McHardy gave up on his Gnu General Public License version 2 (GPLv2) violation case against Geniatech Europe GmbH. Now, you may ask, "How can a Linux programmer dropping a case against a company that violates the GPL count as a win?"

It's complicated.

First, anyone who knows the least thing about Linux's legal infrastructure knows its licensed under the GPLv2. Many don't know that anyone who has copyrighted code in the Linux kernel can take action against companies that violate the GPLv2. Usually, that's a non-issue.

People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center (SFLC) to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2.

Patrick McHardy, however, after talking with SFC, dropped out from this diplomatic approach and has gone on his own way. Specifically, McHardy has been accused of seeking his own financial gain by approaching numerous companies in German courts. Geniatech claimed McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions.

With Geniatech, McHardy claimed to have found Linux code within satellite TV receivers built by the Shenzhen China based company Geniatech, which is represented in Europe by Germany-based Geniatech Europe GmbH. He then demanded payment from the company. When it refused, McHardy obtained a Einstweilige Verfügung, an interim injunction is the close American equivalent, against the company. In German courts, these tend to be immediately granted by the court, without hearing from the defendant.

The last thing Linux at large wants is for a single rogue developer to be shaking down companies. GPLv2 defenders want companies that use Linux to abide by the GPLv2 -- not pay a programmer off. Indeed, one of the Principles of Community-Oriented GPL Enforcement is "Community-oriented enforcement must never prioritize financial gain."

McHardy was able to start taking these actions because he'd contributed some code to the Linux kernel and had been the chair of Linux's Netfilter core development team. Netfilter is a Linux network utility that handles Network Address Translation (NAT), and with IPTables, firewalls. As a Linux developer, McHardy owns the copyright to his code contributions, but not to the whole Linux kernel.

After all, if I add a headlight to a car, I can't claim to be the car manufacturer. But, as Heather Meeker, a partner at the law firm O'Melveny & Myers who specializes in open-source software licensing, explained, "Copyright ownership in large projects such as the Linux kernel is complicated."

Meeker continued, "It's like a patchwork quilt. When developers contribute to the kernel, they don't sign any contribution agreement or assignment of copyright. The GPL covers their contributions, and the recipient of a copy of the software gets a license, under GPL, directly from all the authors. The contributors' individual rights exist side-by-side with rights in the project as a whole."

Using this legal logic, McHardy was to follow his path, with some success. The Linux community was not amused.

In July 2016, the Netfilter developers suspended him from the core team. They received numerous allegations that he had been shaking down companies. McHardy refused to discuss these issues with them, and he refused to sign off on the Principles.

In October 2017, Greg Kroah-Hartman, Linux kernel maintainer for the stable branch, summed up the Linux kernel developers' position. Kroah-Hartman wrote: "McHardy has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation. Some of his compliance claims are issues that should and could easily be resolved. However, he has also made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance."

He continued, "We have never even considered enforcement for the purpose of extracting monetary gain. It is not possible to know an exact figure due to the secrecy of Patrick's actions, but we are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem."

Moving ahead, Kroah-Hartman and Linux's Technical Advisory Board created the The Kernel Enforcement Statement. This document, which has been signed by the most important Linux developers, underlines:

The community is not out for financial gain when it comes to license issues. ... All we want is the modifications to our code to be released back to the public, and for the developers who created that code to become part of our community so that we can continue to create the best software that works well for everyone.

In short, this addresses the issue when a 'bad actor' is attacking companies in a way to achieve personal gain.

What finally brought this to a head was that, unlike other companies McHardy had approached, Geinatech opted to fight than pay up. Geinatech's CEO admitted the company had violated the GPL out of court, but the company then complied with the GPLv2. This was, after all, what GPL compliance efforts had been all about until McHardy appeared.

Harald 'LaForge' Welte, a Linux kernel developer and active defender of the GPL, was at the hearing at higher regional court of Cologne (OLG Koeln). Welte reported the OLG Koeln presiding judge had "by far the most precise analysis of how Linux kernel development works" of any GPL-violation case he'd seen.

The judge found the following reasons he was inclined to dismiss McHardy's claims:

  • The Linux kernel development model does not support the claim of Patrick McHardy having co-authored Linux. In so far, he is only an editing author (Bearbeiterurheber), and not a co-author. Nevertheless, even an editing author has the right to ask for cease and desist, but only on those portions that he authored/edited, and not on the entire Linux kernel.
  • The plaintiff did not sufficiently show what exactly his contributions were and how they were forming themselves copyrightable works
  • The plaintiff did not substantiate what copyrightable contributions he has made outside of Netfilter/iptables. His mere listing as general networking subsystem maintainer does not clarify what his copyrightable contributions were.
  • The plaintiff being a member of the Netfilter core team or even the head of the core team still doesn't support the claim of being a co-author, as Netfilter substantially existed since 1999, three years before Patrick's first contribution to Netfilter, and five years before joining the core team in 2004.

In short, it became obvious the court thought McHardy's claims "on all of Linux was too far-fetching." It was also clear the court was unsympathetic to McHardy''s assertions. For him to proceed further would require "regular main proceedings, in which expert witnesses can be called and real evidence has to be provided, as opposed to the constraints of the preliminary procedure."

This, in turn, would add far more legal costs.

McHardy's attorney requested a brief recess so he could call his client to decide if they would want to continue with their request to uphold the preliminary injunction. McHardy then withdrew the request to uphold the injunction. So, the injunction was withdrawn, and McHardy now has to bear all legal costs for both sides of the case.

In other words, when McHardy was faced with serious and costly opposition for the first time, he waved a white flag rather than face near certain defeat in the courts.

The Linux community is breathing a sigh of relief. Had McHardy continued on his way, companies would have been more reluctant to use Linux code in their products for fear that a single, unprincipled developer could sue them and demand payment for his copyrighted contributions.

Karen Copenhaver, legal counsel to The Linux Foundation, said, "This is good news for Linux and the Linux community." Linux developers at the Open Source Leadership Summit in Sonoma, Calif., also agreed. One said, "McHardy's legal threats were a pain in the neck, and I hope this puts an end to them."

In the event you hear from McHardy with a similar claim against your company's use of Linux source code, Netfilter's developers recommend taking his claims seriously and complying with the GPL.

Related Stories:


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All