167 lines
9.4 KiB
HTML
167 lines
9.4 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<html newsdate="2018-05-30">
|
||
|
||
<head>
|
||
<title>LLW2018: The FSFE brings together top legal experts to debate about
|
||
cross-cutting legal and licensing issues around Free Software</title>
|
||
</head>
|
||
|
||
<body>
|
||
|
||
<h1>LLW2018: The FSFE brings together top legal experts to debate about
|
||
cross-cutting legal and licensing issues around Free Software</h1>
|
||
|
||
<p newsteaser="yes">Following more than a decade long tradition, the
|
||
FSFE once again led its annual Free Software Legal and Licensing
|
||
Workshop (LLW) in 2018: a meeting point for world-leading legal experts
|
||
to debate issues and best practices surrounding Free Software licences.
|
||
This year we decided to bring the event back to its roots and emphasise
|
||
the "Workshop" part in its original title: around 120 legal experts
|
||
gathered for a 3-day conference in Barcelona, Spain with an
|
||
unprecedented amount of parallel tracks and interactive sessions
|
||
designed to dive into the most contentious topics in the legal world of
|
||
Free Software.</p>
|
||
|
||
<p>Traditionally, the whole event is covered under the
|
||
<a href="https://www.chathamhouse.org/chatham-house-rule" target="_blank">Chatham House
|
||
Rule</a>, enabling confidential discussions under fair terms for all the participants.
|
||
However, the part of the conference not covered by Chatham House Rule
|
||
(as explicitly stated by speakers) was reflected in a series of articles
|
||
by Jake Edge from LWN.net, who wrote about the following discussions
|
||
that had taken place during the LLW2018:</p>
|
||
|
||
<p>Marcus von Welser and Armijn Hemel gave an overview of the recent GPL
|
||
compliance <a href="https://lwn.net/Articles/752485/" target="_blank">case</a> in Germany, where
|
||
Patrick McHardy claimed that the company Geniatech violated his
|
||
copyright in Linux kernel. The regional court in Cologne (Germany),
|
||
where the case was brought into action in 2017 initially granted McHardy
|
||
the injunction and obliged Geniatech to stop from distributing any
|
||
version of the kernel. Geniatech appealed the injunction on the grounds
|
||
of being too broad and restrictive, as Patrick McHardy cannot be
|
||
perceived as a co-author of Linux kernel, as he claimed. In fact, his
|
||
contributions to Linux kernel under GPL v.2 could only be considered as
|
||
adaptations under German copyright law which gives him right to claim
|
||
the discontinuation of distributing kernel versions with his
|
||
modifications only. According to Marcus von Welser, there are more than
|
||
100 officially released versions of the kernel that do not include any
|
||
contributions from McHardy. By ordering Geniatech not to distribute any
|
||
version of the kernel, the court was covering kernels that were not even
|
||
part of the dispute with McHardy. After an oral hearing at the higher
|
||
regional court of Cologne in March 2018, McHardy eventually withdrew his
|
||
application for an injunction. The case shows that there is a need for a
|
||
wider information exchange on how to build adequate legal defense
|
||
strategies against copyright trolls.</p>
|
||
|
||
<p>Dirk Hohndel presented the <a href="https://lwn.net/Articles/752982/" target="_blank">challenges of compliance of container
|
||
images</a>. With containers being a hot
|
||
topic, there are many issues with container images and their compliance,
|
||
according to Hohndel. Primarily, it is a common practice to just copy a
|
||
container image from random internet locations, ignoring licences.
|
||
According to Hohndel, such practice is not only a security nightmare but
|
||
also a "rabbit hole" in terms of identifying what is actually shipped in
|
||
such containers. While it is already hard to figure out which packages
|
||
are included in the build, it is even harder to fix any compliance
|
||
issues after you have identified any. The version and which patches are
|
||
applied are also difficult to determine. Beyond that, the licences
|
||
under which those packages are distributed are not obvious. This is why
|
||
it is important to train software developers about the pitfalls of the
|
||
container build systems, according to Hohndel. Additionally, containers
|
||
need to be built with good compliance practices in mind: for example,
|
||
starting from a base that has known-good package versions, corresponding
|
||
source code, and licences. Needles to say, the anti-pattern of
|
||
installing container images from random internet locations has to be
|
||
avoided.</p>
|
||
|
||
<p>Mike Dolan <a href="https://lwn.net/Articles/753648/" target="_blank">presented</a> the Community
|
||
Data Licence Agreement, a legal instrument to enable sharing relevant
|
||
data for applications like machine learning, blockchains, and open
|
||
geolocation, similarly to how Free Sofware licences work for software.
|
||
The idea behind the CDLA is to share data openly using the knowledge
|
||
acquired from decades of sharing source code. There are two types of
|
||
agreements in CDLA inspired by copyleft and non-copyleft licences for
|
||
software. Solely applying Free Software licences to data is not optimal,
|
||
as there are fundamental differences between data and source code, and
|
||
this is why a separate legal instrument is needed in order to address
|
||
issues that are data-specific. For example, data can be perpetual and
|
||
this is why it might be impossible to recreate the same conditions under
|
||
which such data was gathered. That means the license under which such
|
||
data is released may be critical to how it can be used decades or even
|
||
centuries from now.</p>
|
||
|
||
<p>Participants were also updated about recent developments and the
|
||
Appeal's court's reasoning in the on-going legal battle between Oracle
|
||
and Google over latter's use of Java application programming interfaces
|
||
(APIs) in its Android operating system. It is long-standing tradition to
|
||
borrow APIs from different products in software development in order to
|
||
ensure compatibility between programs. In short, an API allows two or
|
||
more programs to speak to each other by using common specifications.
|
||
Oracle brought a legal action against Google back in 2012 claiming its
|
||
copyright violation over the use of APIs written in Java. In 2012, a
|
||
district court ruled that APIs are not subject to copyright. That
|
||
decision was overturned by an appeals court and returned to the same
|
||
district court. In 2016, the jury ruled that Google’s use of the Java
|
||
APIs qualified as permitted "fair use" under US law. Oracle appealed the
|
||
jury decision, stating that Google copied former's APIs solely for
|
||
commercial purposes, copied thousands more lines of code than necessary,
|
||
as well as lured Oracle's customers from licensing Java SE to switching
|
||
to Android because Google provided free access to it. In March 2018, the
|
||
appeals court sided with Oracle and ruled that Google's use of Java APIs
|
||
in question was not fair as a matter of law. While the case is far from
|
||
over, as Google can further appeal the decision in the Supreme court, it
|
||
may set a precedent for software development in general.</p>
|
||
|
||
<p>Artificial intelligence (AI) and automated decision making and its
|
||
connection to Free Software in the 21st century was another topic for a
|
||
debate during the conference. When it comes to generalisation of
|
||
automated decision making, we need to look beyond a Free Software
|
||
licence to meaningfully address all the issues affecting users' rights.
|
||
In the workshop discussion, participants concluded that automated
|
||
decision making raises points that are not easy to solve. In particular,
|
||
we expect every automated decision that affects humans to be accompanied
|
||
by a human understandable explanation of why this decision was made. For
|
||
machine learning techniques, and in particular deep learning, there is
|
||
little understanding on how to ensure that AI is explainable, and it is
|
||
currently an active area for research. There are also challenges when it
|
||
comes to transparency and accountability of decision making processes.
|
||
In particular cases, this criterion is impossible to achieve, e.g. by
|
||
providing full access to medical history of a population used to train
|
||
certain algorithms.</p>
|
||
|
||
<p>In another interactive workshop session, the participants gathered
|
||
to identify and address the common legal pitfalls for public
|
||
procurement of Free Software. The participants first identified a few
|
||
real-life cases on how Free Software procurement process can be
|
||
regulated. A legal requirement to prioritise procurement of Free
|
||
Software (like it is the case in <a
|
||
href="https://fsfe.org/news/2014/news-20140116-01.en.html"
|
||
target="_blank">Italy</a>) is a good option for more Free Software in
|
||
public sector in law and theory. However, the Italian case lacks the
|
||
practical implementation, as the law does not foresee sufficient
|
||
sanctions in case of non-compliance. Another case comes from town of
|
||
Barcelona, Spain, where advanced policies and guidelines for procuring
|
||
Free Software for public sector are adopted on the local municipality
|
||
level. In case of Barcelona, the decision to move towards more Free
|
||
Software in public sector is made by procuring public authorities
|
||
themselves, rather than by a top-down legislative requirement. The
|
||
downside of such a "soft law", however, is the uncertainty of positive
|
||
procurement policies once the mandate of politicians runs out. There
|
||
is, therefore, a need for a culture change in public administrations
|
||
and a strong political will to change existing preconditions in public
|
||
procurement.</p>
|
||
|
||
|
||
<p>The workshop would not have been possible without the generous support
|
||
of all the event's sponsors. In particular, we would like to thank our
|
||
Platinum Sponsors: Intel, Red Hat, and The Linux Foundation.</p>
|
||
|
||
|
||
</body>
|
||
<tags>
|
||
<tag>front-page</tag>
|
||
<tag content="Legal">Legal</tag>
|
||
<tag content="Licensing">Licensing</tag>
|
||
<tag content="Compliance">Compliance</tag>
|
||
</tags>
|
||
<author id="malaja"/>
|
||
</html>
|