> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Ted Mittelstaedt
> Sent: Saturday, September 02, 2006 5:28 PM
> To: openssl-users@openssl.org
> Subject: Re: license question
>
>
>
> ----- Original Message -----
> From: "David Schwartz" <[EMAIL PROTECTED]>
> To: <openssl-users@openssl.org>
> Sent: Saturday, September 02, 2006 5:22 AM
> Subject: RE: license question
> Copyright law gives the copyright holder almost unlimited power to control
> distribution of the copyrighted work - until the copyright
> expires, that is.
Correct, but we're talking about what people who never distributed
anything
can or cannot do. You are correct that you must comply with the OpenSSL
license if you wish to distribute OpenSSL. (There are possible ways one
might get around this, but they're so obviously intended to circumvent fair
rules that I doubt any court would buy them.)
> About the
> only thing a copyright holder can't do is force a user of his work to do
> something illegal. But, if for example, a songwriter decides
> that the only
> way
> your going to be able to listen to his copyrighted work is to pay him
> then paint yourself green and stand on your head while he plays it, well
> then better get the paintbrush.
This is true if and only if he doesn't widely distribute the work. The
way
he could make this work is by not distributing the work to anyone who didn't
agree to his terms. This could be done by means of an EULA, click-through,
shrink-wrap, or signed agreement. But the OpenSSL license is none of these
things -- you do not need to agree to it to lawfully receive the work. And
you are not compelled by a license enforcement scheme to agree to the
license in order to use the work.
This squarely robs the license of the ability to restrict use. I should
point out that this is not just my view. This is, for example, the FSF's
view as well. Licenses that rely on copyright for their power cannot
restrict use.
The OpenSSL license is this type of license. If you don't see why,
imagine
if there were no copyright laws. What would you do if I copied, modified,
and distributed OpenSSL willy-nilly? Charge me with violating a license I
never agreed to?
> Adn please, don't waste time quoting fair use, if fair use was really
> observed then
> the news organizations wouldn't be chasing after people they interview
> all the time to get them to sign releases. It is very rare that a court
> upholds fair use on copyrighted material, at least in the United
> States. Hell, you can't even put a 1 minute partial section of a
> song track
> on
> a website these days under fair use without the RIAA jumping all
> over you.
I'm not talking about fair use. I'm talking about something much more
fundamental -- copyright law just does not give the copyright holder the
right to restrict use. Read the law and find the clause that says this is
the case, you cannot do it.
> > not by the license itself. The license can only
> > restrict an action that copyright law gives a copyright holder the right
> > to
> > restrict.
> And since copyright law gives the copyright holder unlimited authority to
> control use and distribution, what is the point?
You repeat this error over and over. Copyright law does *not* give the
copyright holder authority to control use. I explained why this must be the
case -- if it did, I could drop a million copies of my poem from an airplane
and sue everyone who read it.
Under United States copyright law, a copyright holder cannot restrict
someone who lawfully possesses a copy of the work from using that work. You
can only obtain this right from sources other than copyright.
> > For example, if the OpenSSL license said that if you ever downloaded a
> > copy
> > of OpenSSL, you had to pay the authors $1,000,000, this would not be
> > valid.
> Huh? I think the people that run itunes would beg to disagree.
I doubt it. It's obviously correct.
> > It would only be valid if the license were the only way to get the right
> > or
> > ability to download a copy of OpenSSL.
> not correct. I think you need to rework this example, obviously you
> have some point buried in there your trying to make.
No, that is correct. That is, if iTunes charges you $1 to download a
song,
then they will not make the copy for you unless you pay them. They can do
that. However, if they let you download the song and rely only on copyright,
they cannot then charge you for using the song you already downloaded. If
they wanted that right, they would have to obtain it from some source other
than copyright. (Which they can, since you click-through their terms of
service.)
> > Since nobody formally agrees to, clicks on, or otherwise assents to the
> > OpenSSL license, the OpenSSL license only applies to you when you choose
> > to
> > accept it. Of course, should you not choose to accept it and then do
> > something copyright law prohibits you from doing, you are violating
> > copyright law. (Read this over a few times until you get it. This is the
> > crux right here.)
> Ah, that argument. You aren't the first person to think up that one.
Huh? It's obviously correct.
> As far as whether software licenses apply whether or not someone
> agrees to the license in writing, or by clicking, or by opening the
> shrink wrap, well that is still an open question. There's been plenty
> of infringment lawsuits in the past in the software industry where the
> accused has made a similar claim. Unfortunately, in the US they
> all seem to
> get settled out of court. The software industry really does not want
> shrink wrap licensing tested in court, and that includes the FSF -
> who has bent over backwards to prevent it's precious GNU license
> tested in US court.
You are confusing shrink-wrap licenses with copyright licenses. There
is a
*huge* difference. A shrink-wrap license is one you must perform a positive
act of assent to in order to obtain the work. For pure copyright licenses
like the OpenSSL license, if someone violates the license, you must charge
them with infringing your copyright.
> In other countries where the courts are less sympathetic to the
> copyright holder, there have been some case law created. Like in
> Germany for example. But, I invite you to go infringe a software
> license in the US, get the copyright holder to come after you,
> then try this argument out in an US court and see how far it gets.
> You can start out with an OEM license, load that on another
> piece of hardware, then get the holder to sue you. I'd love to
> see those ruled invalid.
These are EULAs. I'm talking about pure copyright licenses like the
OpenSSL, BSD, and GPL licenses. EULAs are agreements, you must actually
agree to them to use the work and this is actually enforced in some manner.
> But until someone has the nuts to do this in the US, your not
> going to find many users with much of value who are vulnerable
> to being bled dry by legal action in the US, to take this approach.
> So while it might have merit in a theoretical discussion, it is
> useless in practicality, at least in corporate America.
There is no question but that you can only violate a license like the
OpenSSL license, BSD license, or GPL by doing something that copyright law
prohibits you from doing. You cannot create new restrictions on people by
writing things on a piece of paper.
For example, to see the FSF's general counsel making this same argument,
read this:
http://emoglen.law.columbia.edu/publications/lu-12.html
> > This doesn't matter because the license cannot set its own
> > scope. One has,
> > under copyright law, the right to *use* any work one has lawfully
> > acquired.
> > If you think about it, this must be so. Otherwise, I could drop
> > copies of
> > my
> > poem from an airplane and then sue anyone who read it without complying
> > with
> > my license terms.
> You don't "license" poems so that does not apply.
What? Of course you do. How else do you get the rights to copy them,
distribute them, perform them publically, create derivative works from them,
and do anything else that copyright law restricts to the author?
> You have also chosen
> a distribution mechanism - dropping from the plane - that you have an
> inherent inability to control the use of the material. So, for the first
> use
> at least - the initial read of the poem - while you could sue,
> you wouldn't
> win. But, you could certainly sue, and win, if someone reprinted
> the poem.
Granted. By dropping the poem from airplanes, you concede the right to
restrict ordinary use. This is the law and it makes sense. The same is true
by making OpenSSL available for download to anyone who wants it without
obtaining any agreement from them.
> I am in agreement with you that the idea that software should be even
> PERMITTED to be licensed in the first place is fucking stupid, and should
> never have been permitted in the first place. But the realities of what
> people are doing today in the industry are that at least in the united
> states,
> the industry is arguing that software is considered a device, thus
> patentable,
> not an expression. And so far, nobody with money has stood up to
> fight that all the way to the US Supreme Court, even though there's
> a lot of bad law, like the DMCA that is institutionalizing it.
Software contains a mix of ideas and expression. Theoretically, only the
ideas are patentable and only the expression is copyrightable.
> > If you read copyright law, you will see that the right to *use*
> > a work is
> > *not* one of the rights reserved to the copyright holder. So the OpenSSL
> > license can't restrict the *use* of a work any more than it can restrict
> > breathing.
> Thus, the reason that industry is pushing for software licenses to be
> considered to apply automatically. And they are gradually getting it.
It's kind of hard to tell. Most companies take a shotgun approach in the
hopes that some legal theory will make their license enforceable. The
following things seem to work (with some exceptions for things like
unconscionable terms):
1) Making a person actually assent to a license through some positive act
before they can lawfully obtain the work.
2) Making a person actually assent to a license in order to physically
install or use the work. (For example, an installer that makes you click 'I
agree' to install the work.)
3) Only restricting things that copyright law prohibits a person from doing.
Some courts have held that whether software was sold or licensed is a
question of fact and the software distributor's word for it need not be
taken. Factors influencing the decision are things like whether the license
was negotiated, whether there is are continuing payments required to keep
using the software, and so on.
I'm hopeful that more courts will accept the duck principle -- if it
walks
like a duck, quacks like a duck, and flies like a duck, it's a duck. If you
pay one price, own a piece of media, and have no necessary further
significant contacts with the vendor, that's a sale.
But you never know.
Do you know of any cases where a license that required no positive act
of
assent was held to restrict use?
> > The OpenSSL license is not a click-through or shrink-wrap license. There
> > is
> > no way you can argue that a person agreed to the license merely by using
> > OpenSSL. You cannot violate a pure license by using a work. (You can
> > violate
> > an EULA, shrink-wrap, or click-through agreement. But the
> > OpenSSL license
> > is
> > none of those.)
> Tell that to the FSF.
That is their position. For example, Eben Moglen, General Counsel to the
FSF wrote:
"The license does not require anyone to accept it in order to acquire,
install, use, inspect, or even experimentally modify GPL'd software. All of
those activities are either forbidden or controlled by proprietary software
firms, so they require you to accept a license, including contractual
provisions outside the reach of copyright, before you can use their works.
The free software movement thinks all those activities are rights, which all
users ought to have; we don't even want to cover those activities by
license. Almost everyone who uses GPL'd software from day to day needs no
license, and accepts none. The GPL only obliges you if you distribute
software made from GPL'd code, and only needs to be accepted when
redistribution occurs."
Seriously, I'm really not saying anything controversial.
> > It doesn't matter. We're talking purely about the scope of the license.
> > The
> > license cannot expand its own scope, only reduce it. A pure copyright
> > license like OpenSSL's, the BSD license, or the GPL *cannot*
> > restrict use.
> > It does not have that power under copyright law. (17 USC 109)
> Then please get Microsoft to sue you when you use an OEM version on
> a new hardware PC, make that argument in court, and get it invalidated.
> Until then I say your full of baloney. Maybe tasty baloney, but baloney
> nevertheless.
If no positive act of assent to the license is required, then I would be
quite surprised if a court rejected the argument. Do you know any cases that
address this issue?
The FSF does not agree with you, for example, see:
http://lwn.net/Articles/61292/
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
