FSF Bulletin Issue 1, November 2002
From the Executive Director
by Bradley M. Kuhn
This is the first issue of our new semiannual FSF Bulletin. While our
long-time supporters will fondly remember the now-defunct GNU's
Bulletin, we hope that this new bulletin will help keep our donors and
associate members informed in a new way, now that FSF's activities
extend far beyond just the GNU project that we help sponsor.
The last six months have reminded us all that slowly but surely, the
mainstream culture is becoming aware of what we in the Free Software
Movement have long known — freedom to share and improve
information technology is a fundamental right. In early October, the
Supreme Court heard arguments in Eldred v.Ashcroft, a case which
considers the constitutionality of the “Sony Bono Copyright
Extension Act”. Our General Counsel, Eben Moglen, who authored
FSF's amicus brief in the
case, mentioned to me that he had rarely seen a Supreme Court hearing
so widely attended; he barely was able to get a seat himself despite
being a member of the Supreme Court bar. We likely won't know the
outcome of this case until we're publishing the next issue of this
bulletin. However, the excitement and interest surrounding this case
bodes well for our movement, regardless of the outcome. The public is
beginning to reconsider how copyright law should be used to protect
citizens' right to innovate and draw on our shared commons.
Just before the mid-term elections, we saw the next round of attacks
in Microsoft's campaign against the GNU GPL. Adam Smith, a
Congressional Representative from the state of Washington, who is
well-funded by Microsoft lobbying dollars, circulated a “dear
colleague” letter discouraging government use of GPL'ed
software. Like all the Microsoft attacks of the last eighteen months,
it backfired and Smith backpedaled within two weeks. Even though
Steve Ballmer has now declared GPL'ed software “enemy number
one”, ousting the likes of Oracle and Sun, we still remain the
wily adversary. Microsoft so far knows only how to fight competitors
like themselves — companies interested in subjugating users by
restricting them. For now, Microsoft and other proprietary software
companies remain unsure how to oppose a movement whose primary goal is
software liberation. Our adept responses to their attacks have kept
However, to keep pace with attacks from Microsoft and the media
companies, and to continue our education efforts about software
freedom, we do need your support. One new way to support FSF is to
take advantage of our new Associate Membership program. In addition
to receiving these bulletins, associate members of FSF receive a 20%
discount on all FSF merchandise and books, up to five email forwarding
address of the form NAME@member.fsf.org, and an invitation to
an annual meeting in the Boston area with FSF board members and staff.
If you buy a full-year associate membership for $120 by the end of
2002, you'll receive a complimentary copy of RMS' new book Free
Software, Free Society. You can join online
In the next few years, we will fight the most defining battles of our
movement since its inception in 1984. We won't get the job done
alone. Like all the work we've done so far, success will depend on
each one of us working together. FSF will need your help to
The Digital Speech Project Status
Update June 10, 2005: The digitalspeech.org domain accidentally
expired, so these links now takes you directly to the EFF
The Digital Speech Project (DSP),
sponsored by the Free Software Foundation, is putting together a
grassroots coalition to defend the public’s right to use
technology for its own purposes.
To stop heavy-handed actions of the media companies and our
legislature to curtail digital freedom, the DSP has assembled a
steering committee made up of activists and concerned individuals from
a broad array of backgrounds.
Heading up the committee is Ravi Khanna, FSF's Director of
Communications and an experienced human rights activist. Other
members of the committee include college students, a Boston-based
singer/songwriter, a law professor, a music teacher, a librarian, two
radio station executives, an analyst, the executive director of FSF,
and the outreach coordinator for the Electronic Frontier
It is an eclectic group — a planned microcosm of the grassroots
support they hope to achieve. They are convinced that legislation like
the DMCA hurts everyone: software developers, technology companies,
computer users, authors, artists, musicians, filmmakers, and anyone
who benefits from and enjoys a free marketplace for creative
For the past several months the committee has been working on a
statement of principles, a condensation of the beliefs and goals of
the DSP. With the creation of the statement, committee members hope
to come away with a concise, easy-to-grasp snapshot that can be shared
with their constituents in the workplace and on college campuses.
In fact, campuses are among the best places to start, according to
committee member and FSF executive director, Bradley M. Kuhn:
We dove into the project with vigor earlier this year.
We focused on forming campus Digital Freedom groups. A few campus
groups, including the Digital Freedom group at the University of
Kentucky, have gotten very active.
What I find when I visit these campuses is a growing underground
awareness — based mostly (but not exclusively) in the computer
science departments — that current notions of copyright law are
too extreme and downright harmful. From what I've seen, college
students, despite the popular opinion from the mainstream press, don't
dismiss the artists' needs when they share music non-commercially
In fact, when I lead class discussions on the topic, all the students
who speak up say they've considered it carefully, and that they find
the current system of music production to be a scam controlled by the
publishing companies. They know as well as Courtney Love does that
the current regime isn't about the artist; it's about corporate
However, Kuhn points out that getting the word out to people who've
never thought about digital freedom before takes time.
We formed the committee because we believe that the
best approach is to first and foremost build a broad coalition. With
that coalition, represented by the committee, we hope to get the
interest of funders to provide us the resources to design and execute
a strong grassroots campaign.
This month, the committee is expected to approve the Statement of
Principles, which should be available on
www.digitalspeech.org (now www.eff.org) by the end of the year.
This statement will serve as the guiding document for the project as
FSF and the committee launch a nation-wide grassroots organizing
campaign for digital freedom in 2003.
Anatomy of GPL Violations
by David ‘novalis’ Turner
GPL Compliance Engineer
For the last eight months, I have served as FSF's primary GPL
violation investigator and compliance engineer. I work with violation
reporters and GPL violators throughout the whole process — from
violation confirmation to resolution. After handling more than fifty
GPL violations over the past eight months, I have a few observations
about the process that will hopefully enlighten FSF's supporters about
the GPL enforcement process. (To get the lawyer's perspective, please
read Eben Moglen's
Who violates the GPL?
A plurality of GPL violations on FSF-copyrighted Free Software are
in the embedded market. Companies often port GCC to new chips or
boards and distribute the binaries without releasing source code. The
next most common class is firewall vendors. Many small companies, and
a few larger ones, make CDs with small GNU/Linux distributions. You
stick these CDs into an old PC with a couple of network cards, and you
have a firewall. Unfortunately, you often have a GPL violation
What are the most common types of violations?
The most common violations are failure by a distributor to include
source code or an offer for source code. This comes as no surprise,
since, from the point of view of proprietary software companies, it's
the most unusual provision in the license. In cases where
there is an offer for source code, it's often only open to
those who have binaries, rather than to all third parties (as required
by GPL Sec 3(b)). Even worse, sometimes when there's an offer for
source code, requests for that source are ignored.
Another unusual provision — that no additional restrictions
beyond those in the GPL are permitted (Sec 6) — accounts for
most of the remaining violations. Corporate lawyers often like to
wrap a whole distribution with an End User Licensing Agreement (EULA).
Most of the time, such EULAs are incompatible with the GPL, as they
attempt to trump the rights that the GPL protects.
How does FSF find out about violations?
We encourage the public to send violation reports
firstname.lastname@example.org. Most of our reports are from customers
of the GPL violators. Some are from bored hackers, who download demos
or read online copies of licenses. A few are from courageous
whistle-blowers inside the violating companies themselves. I read all
mail to that address and work with the reporters to get details. Once
we've confirmed a violation, I write a letter for our executive
director to send to the violator.
How do violations get fixed?
Most violators want to cooperate with us and correct the violations.
If they don't, a conference call with Daniel Ravicher, our volunteer
outside counsel, usually convinces them that it's in their best
interest to cooperate in a friendly way. After all, fixing the
violation is usually as simple as releasing the source code. When the
violation has been large or has gone on for a long time, we ask that
previous customers of the product be notified that source code is
available. Sometimes, we have to explain the intricacies of how GPL'd
code can be distributed alongside proprietary code (and how it can't).
Usually, the violator has fixed most of the problems within a month,
leaving only minor details.
What happens afterwards?
Once we've confirmed that the company now complies, intends to
continue to do so, and has carried out corrective measures for past
violations, we formally restore their distribution rights that were
lost (GPL Sec 4). In cases where we are concerned about future
violations, we ask the company to appoint an internal GPL Compliance
Officer, high enough that she oversees the legal situation of all
software products for the company. This person becomes FSF's line of
communication for all future GPL violations by that company.
We then ask companies to reimburse us for the time we spend on solving
their problem. It's in their interest to pay our costs, so that we
can pursue their competitors when they violate the GPL. We don't want
to ask our donors to continue subsidizing corporate GPL violators, as
they have done so far. But still, while we've been asking for such
reimbursement for a few months now, no violators have actually moved
to reimburse us yet. For now, we must ask our donors help to enforce
the license. You can support my work at FSF by making a directed GPL
Compliance Lab donation at
Can You Trust Your Computer?
by Richard M. Stallman
Who should your computer take its orders from? Most people think
their computers should obey them, not obey someone else. With a plan
they call “trusted computing”, large media corporations
(including the movie companies and record companies), together with
computer companies such as Microsoft and Intel, are planning to make
your computer obey them instead of you. Proprietary programs have
included malicious features before, but this plan would make it
Proprietary software means, fundamentally, that you don't control what
it does; you can't study the source code, or change it. It's not
surprising that clever businessmen find ways to use their control to
put you at a disadvantage. Microsoft has done this several times: one
version of Windows was designed to report to Microsoft all the
software on your hard disk; a recent “security” upgrade in
Windows Media Player required users to agree to new restrictions. But
Microsoft is not alone: the KaZaa music-sharing software is designed
so that KaZaa's business partner can rent out the use of your computer
to their clients. These malicious features are often secret, but even
once you know about them it is hard to remove them, since you don't
have the source code.
In the past, these were isolated incidents. “Trusted
computing” would make it pervasive. “Treacherous computing” is a
more appropriate name, because the plan is designed to make sure your
computer will systematically disobey you. In fact, it is designed to
stop your computer from functioning as a general-purpose computer.
Every operation may require explicit permission.
The technical idea underlying treacherous computing is that the
computer includes a digital encryption and signature device, and the
keys are kept secret from you. (Microsoft's version of this is called
“Palladium”.) Proprietary programs will use this device
to control which other programs you can run, which documents or data
you can access, and what programs you can pass them to. These
programs will continually download new authorization rules through the
Internet, and impose those rules automatically on your work. If you
don't allow your computer to obtain the new rules periodically from
the Internet, some capabilities will automatically cease to
Of course, Hollywood and the record companies plan to use treacherous
computing for “DRM” (Digital Restrictions Management), so
that downloaded videos and music can be played only on one specified
computer. Sharing will be entirely impossible, at least using the
authorized files that you would get from those companies. You, the
public, ought to have both the freedom and the ability to share these
things. (I expect that someone will find a way to produce unencrypted
versions, and to upload and share them, so DRM will not entirely
succeed, but that is no excuse for the system.)
Making sharing impossible is bad enough, but it gets worse. There are
plans to use the same facility for email and documents —
resulting in email that disappears in two weeks, or documents that can
only be read on the computers in one company.
Imagine if you get an email from your boss telling you to do something
that you think is risky; a month later, when it backfires, you can't
use the email to show that the decision was not yours. “Getting
it in writing” doesn't protect you when the order is written in
Imagine if you get an email from your boss stating a policy that is
illegal or morally outrageous, such as to shred your company's audit
documents, or to allow a dangerous threat to your country to move
forward unchecked. Today you can send this to a reporter and expose
the activity. With treacherous computing, the reporter won't be able
to read the document; her computer will refuse to obey her.
Treacherous computing becomes a paradise for corruption.
Word processors such as Microsoft Word could use treacherous computing
when they save your documents, to make sure no competing word
processors can read them. Today we must figure out the secrets of
Word format by laborious experiments in order to make free word
processors read Word documents. If Word encrypts documents using
treacherous computing when saving them, the free software community
won't have a chance of developing software to read them — and if
we could, such programs might even be forbidden by the Digital
Millennium Copyright Act.
Since treacherous computing will impose automatically downloaded rules
on your work, you cannot be certain that what you write today can be
read tomorrow. If Microsoft, or the U.S. government, does not like
what you said in a document you wrote, they could post new
instructions telling all computers to refuse to let anyone read that
document. Each computer would obey when it downloads the new
instructions. Your writing would be subject to 1984-style retroactive
erasure. You might be unable to read it yourself.
You might think you can find out what nasty things a treacherous
computing application does, study how painful they are, and decide
whether to accept them. It would be short-sighted and foolish to
accept, but the point is that the deal you think you are making won't
stand still. Once you come to depend on using the program, you are
hooked and they know it; then they can change the deal. Some
applications will automatically download upgrades that will do
something different — and they won't give you a choice about
whether to upgrade.
Today you can avoid being restricted by proprietary software by not
using it. If you run GNU/Linux or another free operating system, and
if you avoid installing proprietary applications on it, then you are
in charge of what your computer does. If a free program has a
malicious feature, other developers in the community will take it out,
and you can use the corrected version. You can also run free
application programs and tools on non-free operating systems; this
falls short of fully giving you freedom, but many users do it.
Treacherous computing puts the existence of free operating systems and
free applications at risk, because you may not be able to run them at
all. Some versions of treacherous computing would require the
operating system to be specifically authorized by a particular
company. Free operating systems could not be installed. Some
versions of treacherous computing would require every program to be
specifically authorized by the operating system developer. You could
not run free applications on such a system. If you did figure out how,
and told someone, that could be a crime.
Editor's note: The full version of this essay is part of Free
Software, Free Society: Selected Essays of Richard
New Title from GNU Press
Free Software, Free Society:
Selected Essays of Richard M. Stallman
Introduction by Laurence Lessig
Edited by Joshua Gay
$24.95 - Hard Cover Edition
The intersection of ethics, law, business and computer software is the
subject of this collection of essays and speeches by MacArthur
Foundation Grant winner, Richard M. Stallman. It includes historical
writings such as The GNU Manifesto, which defined and launched the
activist Free Software Movement, along with new writings on current
topics such as “trusted computing” and the proposed
CBDTPA. Stallman takes a critical look at common abuses of copyright
law and patents when applied to computer software programs, and how
these abuses damage our entire society and remove our existing
freedoms. He also discusses the social aspects of software and how
Free Software can create community and social justice.
The introduction is by Lawrence Lessig, the author of two well-known
books on similar topics. He is a noted legal expert on copyright law
and a Stanford Law School professor.
It isn't that RMS is an idealist, we've plenty of
those. And it isn't that he's a brilliant programmer, we have those
too. It's rather that he mixes those two with a well thought-out
philosophical basis and a pragmatic understanding of the world and
people. He takes ideas about freedom and cooperation that many of us
share and shows how they can form a consistent world view that has
room for the realities of money and business.
— Bil Lewis, computer scientist,
multithreaded programming expert