Bobulate

Today is the first day of the Amsterdam Legal Workshop — in full I suppose that’s called the Free Software Foundation Europe’s Freedom Task Force European Legal Network yearly workshop in Amsterdam. As in 2008 and 2009, we have a room full of the top lawyers and technologists in the Free Software legal field. Thanks to the organizational efforts of Shane, Karsten, Hugo and Rainer we’ve got a full two days of talks and demonstrations. As in past years, new relationships develop as we bring different parties to a neutral, private conference. We also take stock of where we are on a global scale with respect to Free Software licensing and legal issues. Glyn Moody was kind enough to open up the conference with a talk on the (singular) conversion from analogue to digital which — as is Glyn’s wont — ties together the past and future and fields of law, biology and computer science. And from there, we’ve gone off into deep legal territory which I won’t write about, but it’s an education.

Wednesday I was at the European Parliament building for the EOLE. The event is a medium-sized (say 60 attendees) legal oriented event around Free Software; this year it featured a track full of definitional goodness — let’s try to formulate words commonly used in Free Software (in licenses, but also other writing) in terms that lawyers can understand.

This kind of event is useful because it works towards normalizing the vocabulary used by practitioners in this area: in other words, we end up calling a spade a spade. If we can agree on what “source code” means exactly in the context of the GPL (actually, version 3 has a fairly lengthy definition, which is something we can work with), then it becomes much easier to consistently advise projects and businesses on how they can best engage with Free Software.

Any get-together of people with a strong legal background in Free Software is sure to bring out some more interesting interpretations or corner cases. There’s always another jurisdiction or recent ruling to take into account, and of course every now and then another new license rears its ugly head (like the Jiggy Wanna license, which is basically Sleepycat if I read it right, but still different). In many ways the resulting discussion “dude! if you squint just like so and read the GPLv2, it turns into a dinosaur!” is a lot like a Free Software technology conference “dude! if you hold your breath and do this DBus call, dinosaurs come out of the firewire port!” Fun corner cases, even when we realize that the core values and meaning in uncomplicated cases (read: situations entered into in good faith by all parties) are well understood.

For me — and just how many times have I read the darn GPL, anyway? — the best insight of the day was the proviso of the GPL that says that the written offer of source code availability (if you don’t deliver the source with a binary distribution) must be valid for any third party. So that has a definite effect on your obligations under the GPL; it also affects some GPL-related advice I’ve given in the past to people, as I thought that the written offer applied only to those who have obtained the (binary) distribution. In a license, every letter counts (which is, in a sense, also unfortunate, because that’s why we have so many).

While I was having a weekend meeting — over a week ago now in Frankfurt — there was FrOSCon going on just one or two ICE stops down the line. The overall programme seems (seemed?) pretty interesting, and Michael had a good time (you mean Rainer will let people try to drive his car!?), but there seems to have been very little report out of the conference.

From a research point of view (i.e. the hat I put down when I left the university) I’m somewhat curious about the PHP Quality Assurance Tools and The State of Test in Open Source talks. Writing enough tests is always tough, unless the culture of a project really encourages it; that’s basically where discipline and a desire to write the very best code have to win out over “let’s get it out there quick.” (Note that this is a use of “Open Source” that I’m not going to complain about: it’s about a development model which offers source for viewing — which enables the creation of tests, but does not necessarily enable any of the other Freedoms.) Of course, within a quality measurement framework (yes, I’m talking about the EBN which is in dire need of some hobby-time love from me) processing large amounts of data is important, so I suppose large scale analysis tools would be interesting as well.

Turning to legal issues (my work hat), I’m pleased to see a Free Software conference with an explicit legal track. One of the more interesting talks (from a licensing perspective) wasn’t filed under legal, though: Freie Software und SaaS, which seems to have talked about the AGPL. That’s interesting because the AGPL tries to close the “distribution” loophole in the GPL — for those authors who feel that that is a loophole that they do not want their code to pass through. Patents and e-mail regulation show up in the legal track as well — remember that business communication needs to be stored and tracked. The most intriguing talk of them all is the Opensource in der Praxis talk, where Open Source as a term is used badly, but let’s let that go.

I’ve got to admire a talk with slides made in TeX. Absolutely.

Unfortunately, my German isn’t good enough to construct a coherent talk based on just the slides, and the talk seems to have touched on a couple of potential issues when it comes to the applicability of Free Software licenses in Germany; that’s a topic I like to think is well-understood, so I’m curious if anyone who attended the talk can give me a summary — or put me in touch with the author (yay lazyweb!).

The new legal journal IFOSSLR was launched officially yesterday; see also Carlo Piana’s description. For a legal journal, I think we can claim a real success already, with many thousands of downloads. The topics covered include procurement, risk, the Jacobsen case and random comments by myself around Free Software branding. At the launch event, kindly hosted by Berwin Leighton Paisner, I ran into Glyn Moody (a bit on open access journals, too) and Karen Sandler (from the SFLC). It was just like being back on the Canary islands, almost.

I also discovered that after ten hours of exposure to lawyers, I pass out. Sorry about that, Malcolm.

There’s a new legal journal out, and it is all about (and by) us. “Us” in the wide sense of the word, those people that are concerned with legal issues around Free Software communities, projects, organizations. You can find it on boing boing as well, where Andrew Katz, one of the editorial team, is quoted as “even lawyers can adopt a collaborative model and create something both free as in freedom, and as in beer.” This collaboration is in part thanks to the Freedom Task Force of the Free Software Foundation Europe, which has created a neutral ground for exactly this kind of collaboration and sparring around Free Software law questions. You’ll see that positive, constructive dialogue is our main weapon.

If you were to look in the journal, you’d find a piece by me commenting on some topics that were active in march and april, basically a blog on paper. I like it that way, and I feel my role both as a columnist for that journal and within the FTF as a whole is to push the technical and community aspects. In other words, make sure that the topics that are relevant in Free Software communities are taken up by the legal experts that write for the journal. In the meantime, I’m learning about the practice and interpretation of law. It’s fun to get lost in the twisty passages of esoteric interpretations of licenses, but far more useful in the medium term to provide services aimed at projects and businesses involved with Free Software. The journal, I think, provides a means to communicate interpretations of the law to all involved — also people in the projects, not on the bench.

One might get one’s knickers in a knot over the title of the journal, which contains either a redundancy (Open Source software is Free Software, and there’s no need to expand upon Free Software) or is missing several additional terms like Libre and Liberal. I like the latter, but that’s because the opening keynote of GCDS was by Robert Lefkowitz; it was a wonderful display of showmanship and rhetorical skill. The upshot of the talk was that we use Free Software because we are lawyers (or pretend to talk to them) and gentlemen.

So be it. I will go find my monocle and take the first train to London, there to consult with Sherlock Holmes on the case of the licentious liberal.

The Fiduciary License Agreement (FLA) between KDE contributors and KDE e.V. is one that assigns those assignable rights derived from authorship from the original author to the fiduciary (i.e. KDE e.V.) and then assigns, non-exclusively, the rights on that work to (0) use, (1) study, (2) modify, (3) distribute and (4) authorize third-parties for the same, back to the original author.

Ugh, that’s a lot of legalese, but that is also why my slogan for the KDE project is “I talk to lawyers so you don’t have to.” It’s a wonderful thing that Sebas has been talking to KDE contributors at LinuxTag and has obtained a number of signed FLA documents. That means that a good chunk of important KDE code is now actually owned — in the sense of copyright — by KDE e.V. Sebas quotes our friend Carlo Piana (he received the pineapple fortune cookie award for Coolest Lawyer, once) describing an FLA as follows:

The fiduciary licence aims at simplifying this process, by assigning the copyright to an entity as KDE e.V. which is not “scalable” and therefore provides sufficient safeguards as to the possible hijacking of the project for nefarious reasons.

Now, I’m not entirely sure about that “scalable” there. KDE e.V. is scalable, in the sense that with individual donations and supporting members we have the resources to support the growing developer and contributor communities as well as serve users in general though efforts like UserBase. I think what Carlo meant is “saleable”, in the sense of “you can’t buy a community.” I’ll have to ask him, next time we meet.

So you can’t buy a community and you can’t buy a non-profit association with strong checks and balances in its constitution. This is good, and having a strong copyleft Free Software license applied to the software as well ensures its long-term availability (don’t let that link fool you, though: the KDE platform libraries are LGPL licensed, so you can, if you really feel it is necessary, write proprietary applications on top of it — but consult your local counsel for license advice). The main issue that the FLA tries to solve is really one of license and responsibility fragmentation.

When multiple authors work on something, then each author has a share of the copyright on the creative work — at least, each author who contributes something original and creative enough to be considered a creative work. This leads to multiple authors and the requirement to agree on copyright matters between all the authors in a particular work. This fragmentation can consume considerable resources if ever there is a particular need to deal with all the rightsholders for one particular work.

Note that KDE contributors — all of them — have traditionally been rather lax in maintaining the copyright headers in our sources. We do not maintain a comprehensive list of authors in each file, nor do we follow GPLv3 article 5.a very well, in general. Figuring out exactly when 5.a applies is something I’ll leave for the real lawyers and another blog post. In any case, a consequence of the signing of the FLA’s by a number of authors is that for their work the copyright header should be changed to

Copyright [years] KDE e.V. <kde-licensing@kde.org>

Ideally we would include a postal address (of KDE e.V.) as well; the whole point of this exercise is to make it really darn clear who to contact for licensing information and to make sure that we clearly claim the copyright on these files.

Note also that the KDE licensing policy is lacking in some details and allows poor licensing hygiene by potentially mixing incompatible licenses: we have had license checks (Tom Albers has now and in the past been instrumental in moving that forward). Just because we’re not doing things optimally now doesn’t mean we can’t move forward and improve things (this applies in many fields of endeavour).

The FLA used by KDE e.V. has a big blank where you can fill in which works are covered by the FLA. There is also a pre-filled form (PDF, 50kB) which identifies the works using standard language referring to your SVN account name. That should make filling things in easier. If you didn’t sign up at LinuxTag, you could print that, fill it in, and mail the form to the KDE e.V. office. We maintain a list of signed FLA’s as well, to keep track of who has done so — let me emphasize that the signing of an FLA is optional and the choice to do so rests entirely with the individual whose creative work is covered (or would be covered) by such an FLA.

So, by concentrating the copyrights held we reduce fragmentation; given that we have a strong basis to build on with careful checks and balances in the consitution of KDE e.V., this is an improvement for the currently-hypothetical case that we would want to (or have to) relicense large parts of KDE to some other Free Software licence.

There are additional checks placed on any relicensing attempt on the part of KDE e.V. They were added as a sort of backup guarantee that KDE e.V. cannot do evil in relicensing code. However, at the same time these relicensing restrictions (written down in the Fiduciary Relicensing Policy) reduce the effectiveness of the FLA itself, because the FRP says that we at least have to try to get permission from the original author before relicensing. However, it does mean that we get to judge “reasonable effort” ourselves instead of letting someone else do it. So in the end we (as in KDE e.V., representing the KDE community as a whole) do have a stronger grasp of the code in order to be able to defend it if needed.

And, since the rights are transferred back in a non-exclusive license to the original author, the original author may fork or relicense if that’s really absolutely necessary. I should point out that that should be a real last resort and that working with the rightsholder (i.e. KDE e.V.) should be preferred. Remember, KDE e.V. exists to support (“we exist only to serve”) the development of KDE software, including the KDE workspace, KDE platform, and KDE applications. If there is some perceived need to fork, then somewhere there’s a misunderstanding of what the constitutional aims of the association are.

But I digress. There is an FLA, and it is signed by many people. Perhaps many more will do so at Akademy this year.

So where do we go from here? Maybe next weekend, we can take over the world.

The answer to this question actually depends on which hat I’m wearing. The KDE hat says: continue to consolidate licensing, pursue license checking and accuracy across the entire codebase and behave as an exemplary community software project with regards to legal matters.

My FSFE hat says that we need to take the concrete experience with KDE and with Bacula and introduce other projects in Europe and the rest of the world to this kind of lightweight legal housekeeping. The FLA has been translated into many languages, but I feel that having used it in KDE it could use a little extra precision. Also, any legal document intended for use by non-lawyers probably needs an implementation guide and HOWTO. And most importantly, those need to be well-known to projects who might need such documentation.