Thursday, August 3, 2023

Wiretapping

From Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Wiretapping

Wiretapping, also known as wire tapping or telephone tapping, is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on an analog telephone or telegraph line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

Legal status

Telephone line control device "Jitka", used in late 1960s by Czechoslovakian StB to signal line occupancy, and connect a recorder

Lawful interception is officially strictly controlled in many countries to safeguard privacy; this is the case in all liberal democracies. In theory, telephone tapping often needs to be authorized by a court, and is, again in theory, normally only approved when evidence shows it is not possible to detect criminal or subversive activity in less intrusive ways. Oftentimes, the law and regulations require that the crime investigated must be at least of a certain severity. Illegal or unauthorized telephone tapping is often a criminal offense. In certain jurisdictions, such as Germany and France, courts will accept illegally recorded phone calls without the other party's consent as evidence, but the unauthorized telephone tapping will still be prosecuted.

United States

In the United States, under the Foreign Intelligence Surveillance Act, federal intelligence agencies can get approval for wiretaps from the United States Foreign Intelligence Surveillance Court, a court with secret proceedings, or in certain circumstances from the Attorney General without a court order.

The telephone call recording laws in most U.S. states require only one party to be aware of the recording, while twelve states require both parties to be aware. In Nevada, the state legislature enacted a law making it legal for a party to record a conversation if one party to the conversation consented, but the Nevada Supreme Court issued two judicial opinions changing the law and requiring all parties to consent to the recording of a private conversation for it to be legal. It is considered better practice to announce at the beginning of a call that the conversation is being recorded.

The Fourth Amendment to the United States Constitution protects privacy rights by requiring a warrant to search an individual. However, telephone tapping is the subject of controversy surrounding violations of this right. There are arguments that wiretapping invades an individual's personal privacy and therefore violates their Fourth Amendment rights. On the other hand, there are certain rules and regulations which permit wiretapping. A notable example of this is the Patriot Act. The Patriot Act does, in certain circumstances, give the government permission to wiretap citizens. In addition, wiretapping laws vary per state, which makes it even more difficult to determine whether the Fourth Amendment is being violated.

Canada

In Canadian law, police are allowed to wiretap without the authorization from a court when there is the risk for imminent harm, such as kidnapping or a bomb threat. They must believe that the interception is immediately necessary to prevent an unlawful act that could cause serious harm to any person or to property. This was introduced by Rob Nicholson on February 11, 2013, and is also known as Bill C-55. The Supreme Court gave Parliament twelve months to rewrite a new law. Bill C-51 (also known as the Anti-Terrorism Act) was then released in 2015, which transformed the Canadian Security Intelligence Service from an intelligence-gathering agency to an agency actively engaged in countering national security threats.

Legal protection extends to 'private communications' where the participants would not expect unintended persons to learn the content of the communication. A single participant can legally and covertly record a conversation. Otherwise, police normally need a judicial warrant based upon probable grounds to record a conversation they are not a part of. To be valid, a wiretap authorization must state: 1) the offense being investigated by the wiretap, 2) the type of communication, 3) the identity of the people or places targeted, 4) the period of validity (60 days from issue).

India

In India, the lawful interception of communication by authorized law enforcement agencies (LEAs) is carried out in accordance with Section 5(2) of the Indian Telegraph Act, 1885 read with Rule 419A of Indian Telegraph (Amendment) Rules, 2007. Directions for interception of any message or class of messages under sub-section (2) of Section 5 of the Indian Telegraph Act, 1885 shall not be issued except by an order made by the Secretary to the Government of India in the Ministry of Home Affairs in the case of Government of India and by the Secretary to the State Government in-charge of the Home Department in the case of a state government. The government has set up the Centralized Monitoring System (CMS) to automate the process of lawful interception and monitoring of telecommunications technology. On 2 December 2015, in a reply to parliament question no. 595 on the scope, objectives and framework of the CMS, the government of India said that it has struck a balance between national security, online privacy and free speech, and informed that, to take care of the privacy of citizens, lawful interception and monitoring is governed by Section 5(2) of the Indian Telegraph Act, 1885 read with Rule 419A of the Indian Telegraph (Amendment) Rules, 2007, wherein an oversight mechanism exists in the form of a review committee under the chairmanship of the Cabinet Secretary at the Central Government level and the Chief Secretary of the State at the state government level. Section 5(2) also allows the government to intercept messages in public emergencies or for public safety.

Methods

Official use

The contracts or licenses by which the state controls telephone companies often require that the companies must provide access to tapping lines to law enforcement. In the U.S., telecommunications carriers are required by law to cooperate in the interception of communications for law enforcement purposes under the terms of Communications Assistance for Law Enforcement Act (CALEA).

When telephone exchanges were mechanical, a tap had to be installed by technicians, linking circuits together to route the audio signal from the call. Now that many exchanges have been converted to digital technology, tapping is far simpler and can be ordered remotely by computer. This central office switch wiretapping technology using the Advanced Intelligent Network (AIN) was invented by Wayne Howe and Dale Malik at BellSouth's Advanced Technology R&D group in 1995 and was issued as US Patent #5,590,171. Telephone services provided by cable TV companies also use digital switching technology. If the tap is implemented at a digital switch, the switching computer simply copies the digitized bits that represent the phone conversation to a second line and it is impossible to tell whether a line is being tapped. A well-designed tap installed on a phone wire can be difficult to detect. In some places, some law enforcement may even be able to access a mobile phone's internal microphone while it isn't actively being used on a phone call (unless the battery is removed or drained). The noises that some people believe to be telephone taps are simply crosstalk created by the coupling of signals from other phone lines.

Data on the calling and called number, time of call and duration, will generally be collected automatically on all calls and stored for later use by the billing department of the phone company. These data can be accessed by security services, often with fewer legal restrictions than for a tap. This information used to be collected using special equipment known as pen registers and trap and trace devices and U.S. law still refers to it under those names. Today, a list of all calls to a specific number can be obtained by sorting billing records. A telephone tap during which only the call information is recorded but not the contents of the phone calls themselves, is called a pen register tap.

For telephone services via digital exchanges, the information collected may additionally include a log of the type of communications media being used (some services treat data and voice communications differently, in order to conserve bandwidth).

Non-official use

A telephone recording adapter (in-line tap). The phone jack connects to the wall socket while the phone being monitored is connected to the adapter's socket. The audio plug connects to the recording device (computer, tape recorder, etc.).

Conversations can be recorded or monitored unofficially, either by tapping by a third party without the knowledge of the parties to the conversation or recorded by one of the parties. This may or may not be illegal, according to the circumstances and the jurisdiction.

There are a number of ways to monitor telephone conversations. One of the parties may record the conversation, either on a tape or solid-state recording device, or they may use a computer running call recording software. The recording, whether overt or covert, may be started manually, automatically when it detects sound on the line (VOX), or automatically whenever the phone is off the hook.

  • using an inductive coil tap (telephone pickup coil) attached to the handset or near the base of the telephone, picking up the stray field of the telephone's hybrid;
  • fitting an in-line tap, as discussed below, with a recording output;
  • using an in-ear microphone while holding the telephone to the ear normally; this picks up both ends of the conversation without too much disparity between the volumes;
  • more crudely and with lower quality, simply using a speakerphone and recording with a normal microphone.

The conversation may be monitored (listened to or recorded) covertly by a third party by using an induction coil or a direct electrical connection to the line using a beige box. An induction coil is usually placed underneath the base of a telephone or on the back of a telephone handset to pick up the signal inductively. An electrical connection can be made anywhere in the telephone system, and need not be in the same premises as the telephone. Some apparatus may require occasional access to replace batteries or tapes. Poorly designed tapping or transmitting equipment can cause interference audible to users of the telephone.

The tapped signal may either be recorded at the site of the tap or transmitted by radio or over the telephone wires. As of 2007 state-of-the-art equipment operates in the 30–300 GHz range to keep up with telephone technology compared to the 772 kHz systems used in the past. The transmitter may be powered from the line to be maintenance-free, and only transmits when a call is in progress. These devices are low-powered as not much power can be drawn from the line, but a state-of-the-art receiver could be located as far away as ten kilometers under ideal conditions, though usually located much closer. Research has shown that a satellite can be used to receive terrestrial transmissions with a power of a few milliwatts. Any sort of radio transmitter whose presence is suspected is detectable with suitable equipment.

Conversation on many early cordless telephones could be picked up with a simple radio scanner or sometimes even a domestic radio. Widespread digital spread spectrum technology and encryption has made eavesdropping increasingly difficult.

A problem with recording a telephone conversation is that the recorded volume of the two speakers may be very different. A simple tap will have this problem. An in-ear microphone, while involving an additional distorting step by converting the electrical signal to sound and back again, in practice gives better-matched volume. Dedicated, and relatively expensive, telephone recording equipment equalizes the sound at both ends from a direct tap much better.

Location data

Mobile phones are, in surveillance terms, a major liability. For mobile phones the major threat is the collection of communications data. This data does not only include information about the time, duration, originator and recipient of the call, but also the identification of the base station where the call was made from, which equals its approximate geographical location. This data is stored with the details of the call and has utmost importance for traffic analysis.

It is also possible to get greater resolution of a phone's location by combining information from a number of cells surrounding the location, which cells routinely communicate (to agree on the next handoff—for a moving phone) and measuring the timing advance, a correction for the speed of light in the GSM standard. This additional precision must be specifically enabled by the telephone company—it is not part of the network's ordinary operation.

Internet

In 1995, Peter Garza, a Special Agent with the Naval Criminal Investigative Service, conducted the first court-ordered Internet wiretap in the United States while investigating Julio Cesar "Griton" Ardita.

As technologies emerge, including VoIP, new questions are raised about law enforcement access to communications (see VoIP recording). In 2004, the Federal Communications Commission was asked to clarify how the Communications Assistance for Law Enforcement Act (CALEA) related to Internet service providers. The FCC stated that “providers of broadband Internet access and voice over Internet protocol (“VoIP”) services are regulable as “telecommunications carriers” under the Act.” Those affected by the Act will have to provide access to law enforcement officers who need to monitor or intercept communications transmitted through their networks. As of 2009, warrantless surveillance of internet activity has consistently been upheld in FISA court.

The Internet Engineering Task Force has decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards.

Typically, illegal Internet wiretapping will be conducted via Wi-Fi connection to someone's internet by cracking the WEP or WPA key, using a tool such as Aircrack-ng or Kismet. Once in, the intruder will rely on a number of potential tactics, for example an ARP spoofing attack which will allow the intruder to view packets in a tool such as Wireshark or Ettercap.
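
A defender's view of the ARP spoofing step described above, as an added example that is not part of the original article: a passive check over observed ARP replies that flags an IP address whose MAC binding changes, a MAC that claims several IPs, and a binding that flaps between two MACs. The function names, the 60-second window and every address are constructed for illustration.

```python
"""Passive ARP-spoofing check over observed ARP replies (added example)."""
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "time kind ip macs severity")

# Constructed sample: (seconds, sender IP, sender MAC) as read from ARP replies
# in a packet capture. 192.0.2.0/24 and 00:00:5e:00:53:xx are documentation ranges.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway, legitimate binding
    (1.0, "192.0.2.10", "00:00:5e:00:53:0a"),
    (2.0, "192.0.2.11", "00:00:5e:00:53:0b"),
    (30.0, "192.0.2.1", "00:00:5e:00:53:01"),
    (61.0, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP claimed by a new MAC
    (61.5, "192.0.2.10", "00:00:5e:00:53:66"),  # same MAC also claims a client IP
    (62.0, "192.0.2.1", "00:00:5e:00:53:66"),
    (63.0, "192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again
]


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so comparisons are stable."""
    return mac.strip().lower().replace("-", ":")


def analyze(replies, gateway_ip=None, flap_window=60.0):
    """Return findings in time order.

    binding_changed          an IP is now announced by a different MAC
    flapping                 the IP returned to a MAC seen within flap_window
                             seconds, i.e. two hosts are competing for it
    mac_claims_multiple_ips  one MAC announces more than one IP

    DHCP lease reuse, NIC replacement and router failover also change
    bindings, so findings are leads to investigate, not proof of interception.
    """
    bindings = {}                   # ip -> MAC currently bound to it
    last_seen = {}                  # (ip, mac) -> time of last reply
    ips_by_mac = defaultdict(set)   # mac -> every IP it has announced
    findings = []

    for t, ip, raw_mac in sorted(replies):
        mac = normalize_mac(raw_mac)
        prev = bindings.get(ip)

        if prev is not None and prev != mac:
            sev = "high" if ip == gateway_ip else "medium"
            findings.append(Finding(t, "binding_changed", ip, (prev, mac), sev))
            seen = last_seen.get((ip, mac))
            if seen is not None and t - seen <= flap_window:
                findings.append(Finding(t, "flapping", ip, (prev, mac), "high"))

        bindings[ip] = mac
        last_seen[(ip, mac)] = t

        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # Worse when one of the claimed addresses is the gateway:
                # that host can then relay, and read, everyone's traffic.
                sev = "high" if gateway_ip in ips_by_mac[mac] else "medium"
                findings.append(
                    Finding(t, "mac_claims_multiple_ips", ip, (mac,), sev))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_ARP_REPLIES, gateway_ip="192.0.2.1"):
        print(f"{f.time:6.1f}s {f.severity:6} {f.kind:24} {f.ip} {' -> '.join(f.macs)}")
```

On networks where the gateway binding should never change, a static ARP entry for the gateway or switch-level dynamic ARP inspection removes the condition this check looks for.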

Mobile phone

The second generation mobile phones (c. 1978 through 1990) could be easily monitored by anyone with a 'scanning all-band receiver' because the system used an analog transmission system, like an ordinary radio transmitter. The third generation digital phones are harder to monitor because they use digitally encoded and compressed transmission. However, the government can tap mobile phones with the cooperation of the phone company. It is also possible for organizations with the correct technical equipment to monitor mobile phone communications and decrypt the audio.

To the mobile phones in its vicinity, a device called an "IMSI-catcher" pretends to be a legitimate base station of the mobile phone network, thus subjecting the communication between the phone and the network to a man-in-the-middle attack. This is possible because, while the mobile phone has to authenticate itself to the mobile telephone network, the network does not authenticate itself to the phone. There is no defense against IMSI-catcher based eavesdropping, except using end-to-end call encryption; products offering this feature, secure telephones, are already beginning to appear on the market, though they tend to be expensive and incompatible with each other, which limits their proliferation.

Webtapping

Logging the IP addresses of users that access certain websites is commonly called "webtapping".

Webtapping is used to monitor websites that presumably contain dangerous or sensitive materials, and the people that access them. Though it is allowed by the USA PATRIOT Act, it is considered a questionable practice by many citizens.

Telephones recording

In Canada, anyone is legally allowed to record a conversation as long as they are involved in the conversation. The police must apply for a warrant beforehand to legally eavesdrop on the conversation. It must be expected that it will reveal evidence to a crime. State agents are lawfully allowed to record conversations, but to reveal the evidence in court, they must obtain a warrant.

History

Many state legislatures in the United States enacted statutes that prohibited anyone from listening in on telegraph communication. Telephone wiretapping began in the 1890s, following the invention of the telephone recorder, and its constitutionality was established in the Prohibition-Era conviction of bootlegger Roy Olmstead. Wiretapping has also been carried out under most Presidents, sometimes with a lawful warrant since the Supreme Court ruled it constitutional in 1928. On October 19, 1963, U.S. Attorney General Robert F. Kennedy, who served under John F. Kennedy and Lyndon B. Johnson, authorized the FBI to begin wiretapping the communications of Rev. Martin Luther King Jr. The wiretaps remained in place until April 1965 at his home and June 1966 at his office.

The history of voice communication technology began in 1876 with the invention of Alexander Graham Bell’s telephone. In the 1890s, “law enforcement agencies begin tapping wires on early telephone networks”. Remote voice communications “were carried almost exclusively by circuit-switched systems,” where telephone switches would connect wires to form a continuous circuit and disconnect the wires when the call ended. All other telephone services, such as call forwarding and message taking, were handled by human operators. However, the first computerized telephone switch was developed by Bell Labs in 1965. This got rid of standard wiretapping techniques.

In late 1940, the Nazis tried to secure some telephone lines between their forward headquarters in Paris and a variety of Fuhrerbunkers in Germany. They did this by constantly monitoring the voltage on the lines, looking for any sudden drops or increases in voltage indicating that other wiring had been attached. However, the French telephone engineer Robert Keller succeeded in attaching taps without alerting the Nazis. This was done through an isolated rental property just outside of Paris. Keller's group became known to SOE (and later Allied military intelligence generally) as "Source K". They were later betrayed by a mole within the French resistance, and Keller was murdered in Bergen-Belsen in April 1945.

In the 1970s, optical fibers became a medium for telecommunications. These fiber lines, “long, thin strands of glass that carry signals via laser light,” are more secure than radio and have become very cheap. From the 1990s to the present, the majority of communications between fixed locations has been achieved by fiber. Because these fiber communications are wired, they're given greater protection under U.S. law.

The earliest wiretaps were extra wires—physically inserted to the line between the switchboard and the subscriber—that carried the signal to a pair of earphones and a recorder. Later on, wiretaps were installed at the central office on the frames that held the incoming wires.

Before the attack on Pearl Harbor and the subsequent entry of the United States into World War II, the U.S. House of Representatives held hearings on the legality of wiretapping for national defense. Significant legislation and judicial decisions on the legality and constitutionality of wiretapping had taken place years before World War II. However, it took on new urgency at that time of national crisis. The actions of the government regarding wiretapping for the purpose of national defense in the current war on terror have drawn considerable attention and criticism. In the World War II era, the public was also aware of the controversy over the question of the constitutionality and legality of wiretapping. Furthermore, the public was concerned with the decisions that the legislative and judicial branches of the government were making regarding wiretapping.

CrimethInc. sticker on a telephone warning users of phone tapping by the U.S. government

In 1967 the U.S. Supreme Court ruled that wiretapping (or “intercepting communications”) requires a warrant in Katz v. United States. In 1968 Congress passed a law that provided warrants for wiretapping in criminal investigations. In 1978 the Foreign Intelligence Surveillance Act (FISA) created a "secret federal court" for issuing wiretap warrants in national security cases. This was in response to findings from the Watergate break-in, which allegedly uncovered a history of presidential operations that had used surveillance on domestic and foreign political organizations.

In 1994, Congress approved the Communications Assistance for Law Enforcement Act (CALEA), which “requires telephone companies to be able to install more effective wiretaps. In 2004, the Federal Bureau of Investigation (FBI), United States Department of Justice (DOJ), Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), and Drug Enforcement Administration (DEA) wanted to expand CALEA requirements to VoIP service.”

The Federal Communications Commission (FCC) ruled in August 2005 that “broadband-service providers and interconnected VoIP providers fall within CALEA’s scope. Currently, instant messaging, web boards and site visits are not included in CALEA’s jurisdiction. In 2007 Congress amended FISA to “allow the government to monitor more communications without a warrant”. In 2008 President George W. Bush expanded the surveillance of internet traffic to and from the U.S. government by signing a national security directive.

In the Greek telephone tapping case 2004–2005 more than 100 mobile phone numbers belonging mostly to members of the Greek government, including the Prime Minister of Greece, and top-ranking civil servants were found to have been illegally tapped for a period of at least one year. The Greek government concluded this had been done by a foreign intelligence agency, for security reasons related to the 2004 Olympic Games, by unlawfully activating the lawful interception subsystem of the Vodafone Greece mobile network. An Italian tapping case which surfaced in November 2007 revealed significant manipulation of the news at the national television company RAI.

In 2008, Wired and other media reported a lamplighter disclosed a "Quantico Circuit", a 45-megabit/second DS-3 line linking a carrier's most sensitive network in an affidavit that was the basis for a lawsuit against Verizon Wireless. The circuit provides direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls, according to the filing.

The most recent case of U.S. wiretapping was the NSA warrantless surveillance controversy discovered in December 2005. It aroused much controversy after then President George W. Bush admitted to violating a specific federal statute (FISA) and the warrant requirement of the Fourth Amendment to the United States Constitution. The President claimed his authorization was consistent with other federal statutes (AUMF) and other provisions of the Constitution, also stating that it was necessary to keep America safe from terrorism and could lead to the capture of notorious terrorists responsible for the September 11 attacks in 2001.

One difference between foreign wiretapping and domestic wiretapping is that, when operating in other countries, “American intelligence services could not place wiretaps on phone lines as easily as they could in the U.S.” Also, domestically, wiretapping is regarded as an extreme investigative technique, whereas outside of the country, the interception of communications is huge. The National Security Agency (NSA) “spends billions of dollars every year intercepting foreign communications from ground bases, ships, airplanes and satellites”.

FISA distinguishes between U.S. persons and foreigners, between communications inside and outside the U.S., and between wired and wireless communications. Wired communications within the United States are protected, since intercepting them requires a warrant.

Wednesday, August 2, 2023

GNU General Public License

Author: Richard Stallman
Latest version: 3
Publisher: Free Software Foundation
Published: 25 February 1989; 34 years ago
SPDX identifier:
  • GPL-3.0-or-later
  • GPL-3.0-only
  • GPL-2.0-or-later
  • GPL-2.0-only
  • GPL-1.0-or-later
  • GPL-1.0-only
Debian FSG compatible: Yes
FSF approved: Yes
OSI approved: Yes
Copyleft: Yes Binary or compilation-based
Linking from code with a different licence: Software licensed under GPL compatible licenses only, depending on the version used.
Website: www.gnu.org/licenses/gpl.html

The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general use and was originally written by the founder of the Free Software Foundation (FSF), Richard Stallman, for the GNU Project. The license grants the recipients of a computer program the rights of the Free Software Definition. These GPL series are all copyleft licenses, which means that any derivative work must be distributed under the same or equivalent license terms. It is more restrictive than the Lesser General Public License and even further distinct from the more widely used permissive software licenses BSD, MIT, and Apache.

Historically, the GPL license family has been one of the most popular software licenses in the free and open-source software domain. Prominent free software programs licensed under the GPL include the Linux kernel and the GNU Compiler Collection (GCC). David A. Wheeler argues that the copyleft provided by the GPL was crucial to the success of Linux-based systems, giving the programmers who contributed to the kernel the assurance that their work would benefit the whole world and remain free, rather than being exploited by software companies that would not have to give anything back to the community.

In 2007, the third version of the license (GPLv3) was released to address some perceived problems with the second version (GPLv2) which were discovered during the latter's long-time usage.

To keep the license up to date, the GPL license includes an optional "any later version" clause, allowing users to choose between the original terms or the terms in new versions as updated by the FSF. Software projects licensed with the optional "or later" clause include the GNU Project, while the Linux kernel, for instance, is licensed under GPLv2 only.

The "or any later version" clause is sometimes known as a lifeboat clause since it allows combinations between different versions of GPL licensed software to maintain compatibility.

History

The GPL was written by Richard Stallman in 1989, for use with programs released as part of the GNU project. The original GPL was based on a unification of similar licenses used for early versions of GNU Emacs (1985), the GNU Debugger, and the GNU C Compiler. These licenses contained similar provisions to the modern GPL, but were specific to each program, rendering them incompatible, despite being the same license. Stallman's goal was to produce one license that could be used for any project, thus making it possible for many projects to share code.

The second version of the license, version 2, was released in 1991. Over the following 15 years, members of the free software community became concerned over problems in the GPLv2 license that could let someone exploit GPL-licensed software in ways contrary to the license's intent. These problems included tivoization (the inclusion of GPL-licensed software in hardware that refuses to run modified versions of its software), compatibility issues similar to those of the Affero General Public License, and patent deals between Microsoft and distributors of free and open-source software, which some viewed as an attempt to use patents as a weapon against the free software community.

Version 3 was developed to attempt to address these concerns and was officially released on 29 June 2007.

Version 1

GNU General Public License, version 1
Published: 25 February 1989
Website: www.gnu.org/licenses/old-licenses/gpl-1.0.html

Version 1 of the GNU GPL, released on 25 February 1989, prevented what were then the two main ways that software distributors restricted the freedoms that define free software. The first problem was that distributors may publish only binary files that are executable, but not readable or modifiable by humans. To prevent this, GPLv1 stated that copying and distributing copies of any portion of the program must also make the human-readable source code available under the same licensing terms.

The second problem was that distributors might add restrictions, either to the license or by combining the software with other software that had other restrictions on distribution. The union of two sets of restrictions would apply to the combined work, thus adding unacceptable restrictions. To prevent this, GPLv1 stated that modified versions, as a whole, had to be distributed under the terms of GPLv1. Therefore, software distributed under the terms of GPLv1 could be combined with software under more permissive terms, as this would not change the terms under which the whole could be distributed. However, software distributed under GPLv1 could not be combined with software distributed under a more restrictive license, as this would conflict with the requirement that the whole be distributable under the terms of GPLv1.

Version 2

GNU General Public License, version 2
Published: June 1991
Website: www.gnu.org/licenses/old-licenses/gpl-2.0.html

According to Richard Stallman, the major change in GPLv2 was the "Liberty or Death" clause, as he calls it – Section 7. The section says that licensees may distribute a GPL-covered work only if they can satisfy all of the license's obligations, despite any other legal obligations they might have. In other words, the obligations of the license may not be severed due to conflicting obligations. This provision is intended to discourage any party from using a patent infringement claim or other litigation to impair users' freedom under the license.

By 1990, it was becoming apparent that a less restrictive license would be strategically useful for the C library and for software libraries that essentially did the job of existing proprietary ones; when version 2 of the GPL (GPLv2) was released in June 1991, therefore, a second license – the GNU Library General Public License – was introduced at the same time and numbered with version 2 to show that both were complementary. The version numbers diverged in 1999 when version 2.1 of the LGPL was released, which renamed it the GNU Lesser General Public License to reflect its place in the philosophy. The GPLv2 was also modified to refer to the new name of the LGPL, but its version number remained the same, resulting in the original GPLv2 not being recognised by the Software Package Data Exchange (SPDX).

The license includes instructions to specify "version 2 of the License, or (at your option) any later version" to allow the flexible optional use of either version 2 or 3, but some developers change this to specify "version 2" only.

Version 3

GNU General Public License, version 3
Published: 29 June 2007
Website: www.gnu.org/licenses/gpl-3.0.html

In late 2005, the Free Software Foundation (FSF) announced work on version 3 of the GPL (GPLv3). On 16 January 2006, the first "discussion draft" of GPLv3 was published, and the public consultation began. The public consultation was originally planned for nine to fifteen months, but finally stretched to eighteen months with four drafts being published. The official GPLv3 was released by the FSF on 29 June 2007. GPLv3 was written by Richard Stallman, with legal counsel from Eben Moglen and Richard Fontana from the Software Freedom Law Center.

According to Stallman, the most important changes were in relation to software patents, free software license compatibility, the definition of "source code", and hardware restrictions on software modifications, such as tivoization. Other changes related to internationalization, how license violations are handled, and how additional permissions could be granted by the copyright holder. The concept of "software propagation", as a term for the copying and duplication of software, was explicitly defined.

The public consultation process was coordinated by the Free Software Foundation with assistance from Software Freedom Law Center, Free Software Foundation Europe, and other free software groups. Comments were collected from the public via the gplv3.fsf.org web portal, using purpose-written software called stet.

During the public consultation process, 962 comments were submitted for the first draft. By the end of the comment period, a total of 2,636 comments had been submitted.

The third draft was released on 28 March 2007. This draft included language intended to prevent patent-related agreements such as the controversial Microsoft-Novell patent agreement, and restricted the anti-tivoization clauses to a legal definition of a "user" and a "consumer product". It also explicitly removed the section on "Geographical Limitations", whose probable removal had been announced at the launch of the public consultation.

Richard Stallman at the launch of the first draft of the GNU GPLv3 at MIT, Cambridge, Massachusetts, United States. To his right is Columbia Law Professor Eben Moglen, chairman of the Software Freedom Law Center.

The fourth discussion draft, which was the last, was released on 31 May 2007. It introduced Apache License version 2.0 compatibility (prior versions are incompatible), clarified the role of outside contractors and made an exception to avoid the perceived problems of a Microsoft–Novell style agreement, saying in Section 11 paragraph 6 that:

You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license ...

This aimed to make future such deals ineffective. The license was also meant to cause Microsoft to extend the patent licenses it granted to Novell customers for the use of GPLv3 software to all users of that GPLv3 software; this was possible only if Microsoft was legally a "conveyor" of the GPLv3 software.

Early drafts of GPLv3 also let licensors add an Affero-like requirement that would have plugged the ASP loophole in the GPL. As there were concerns expressed about the administrative costs of checking code for this additional requirement, it was decided to keep the GPL and the Affero license separated.

Others, notably some high-profile Linux kernel developers such as Linus Torvalds, Greg Kroah-Hartman, and Andrew Morton, commented to the mass media and made public statements about their objections to parts of discussion drafts 1 and 2. The kernel developers referred to GPLv3 draft clauses regarding DRM/Tivoization, patents, and "additional restrictions", and warned of a Balkanisation of the "Open Source Universe". Linus Torvalds, who decided not to adopt the GPLv3 for the Linux kernel, reiterated his criticism several years later.

GPLv3 improved compatibility with several free software licenses such as the Apache License, version 2.0, and the GNU Affero General Public License, which GPLv2 could not be combined with. However, GPLv3 software could only be combined and share code with GPLv2 software if the GPLv2 license used had the optional "or later" clause and the software was upgraded to GPLv3. While the "GPLv2 or any later version" clause is considered by FSF as the most common form of licensing GPLv2 software, Toybox developer Rob Landley described it as a lifeboat clause. Software projects licensed with the optional "or later" clause include the GNU Project, while a prominent example without the clause is the Linux kernel.

The final version of the license text was published on 29 June 2007.

Terms and conditions

The terms and conditions of the GPL must be made available to anybody receiving a copy of the work that has a GPL applied to it ("the licensee"). Any licensee who adheres to the terms and conditions is given permission to modify the work, as well as to copy and redistribute the work or any derivative version. The licensee is allowed to charge a fee for this service or do this free of charge. This latter point distinguishes the GPL from software licenses that prohibit commercial redistribution. The FSF argues that free software should not place restrictions on commercial use, and the GPL explicitly states that GPL works may be sold at any price.

The GPL additionally states that a distributor may not impose "further restrictions on the rights granted by the GPL". This forbids activities such as distributing the software under a non-disclosure agreement or contract.

The fourth section for version 2 of the license and the seventh section of version 3 require that programs distributed as pre-compiled binaries be accompanied by a copy of the source code, a written offer to distribute the source code via the same mechanism as the pre-compiled binary, or the written offer to obtain the source code that the user got when they received the pre-compiled binary under the GPL. The second section of version 2 and the fifth section of version 3 also require giving "all recipients a copy of this License along with the Program". Version 3 of the license allows making the source code available in additional ways in fulfillment of the seventh section. These include downloading source code from an adjacent network server or by peer-to-peer transmission, provided that is how the compiled code was available and there are "clear directions" on where to find the source code.

The FSF does not hold the copyright for a work released under the GPL unless an author explicitly assigns copyrights to the FSF (which seldom happens except for programs that are part of the GNU project). Only the individual copyright holders have the authority to sue when a license violation is suspected.

Use of licensed software

Software under the GPL may be run for all purposes, including commercial purposes and even as a tool for creating proprietary software, such as when using GPL-licensed compilers. Users or companies who distribute GPL-licensed works (e.g. software), may charge a fee for copies or give them free of charge. This distinguishes the GPL from shareware software licenses that allow copying for personal use but prohibit the commercial distribution or proprietary licenses where copying is prohibited by copyright law. The FSF argues that freedom-respecting free software should also not restrict commercial use and distribution (including redistribution).

In purely private (or internal) use—with no sales and no distribution—the software code may be modified and parts reused without requiring the source code to be released. For sales or distribution, the entire source code needs to be made available to end users, including any code changes and additions—in that case, copyleft is applied to ensure that end users retain the freedoms defined above.

However, software running as an application program under a GPL-licensed operating system such as Linux is not required to be licensed under GPL or to be distributed with source-code availability—the licensing depends only on the used libraries and software components and not on the underlying platform. For example, if a program consists only of original source code, or is combined with source code from other software components, then the custom software components need not be licensed under GPL and need not make their source code available; even if the underlying operating system used is licensed under the GPL, applications running on it are not considered derivative works. Only if GPLed parts are used in a program (and the program is distributed), then all other source code of the program needs to be made available under the same license terms. The GNU Lesser General Public License (LGPL) was created to have a weaker copyleft than the GPL, in that it does not require custom-developed source code (distinct from the LGPL'ed parts) to be made available under the same license terms.

The fifth section of version 3 states that no GPL-licensed code shall be considered an effective "technical protection measure" as defined by Article 11 of the WIPO Copyright Treaty, and that those who convey the work waive all legal power to prohibit circumvention of the technical protection measure "to the extent such circumvention is effected by exercising rights under this License with respect to the covered work". This means that users cannot be held liable for circumventing DRM implemented using GPLv3-licensed code under laws such as the U.S. Digital Millennium Copyright Act (DMCA).

Copyleft

The distribution rights granted by the GPL for modified versions of the work are not unconditional. When someone distributes a GPL'ed work plus their own modifications, the requirements for distributing the whole work cannot be any greater than the requirements that are in the GPL.

This requirement is known as copyleft. It earns its legal power from the use of copyright on software programs. Because a GPL work is copyrighted, a licensee has no right to redistribute it, not even in modified form (barring fair use), except under the terms of the license. One is only required to adhere to the terms of the GPL if one wishes to exercise rights normally restricted by copyright law, such as redistribution. Conversely, if one distributes copies of the work without abiding by the terms of the GPL (for instance, by keeping the source code secret), they can be sued by the original author under copyright law.

Copyright law has historically been used to prevent distribution of work by parties not authorized by the creator. Copyleft uses the same copyright laws to accomplish a very different goal. It grants rights to distribution to all parties insofar as they provide the same rights to subsequent ones, and they to the next, etc. In this way the GPL and other copyleft licenses attempt to enforce libre access to the work and all derivatives.

Many distributors of GPL'ed programs bundle the source code with the executables. An alternative method of satisfying the copyleft is to provide a written offer to provide the source code on a physical medium (such as a CD) upon request. In practice, many GPL'ed programs are distributed over the Internet, and the source code is made available over FTP or HTTP. For Internet distribution, this complies with the license.

Copyleft applies only when a person seeks to redistribute the program. Developers may make private modified versions with no obligation to divulge the modifications, as long as they do not distribute the modified software to anyone else. Copyleft applies only to the software, and not to its output (unless that output is itself a derivative work of the program). For example, a public web portal running a modified derivative of a GPL'ed content management system is not required to distribute its changes to the underlying software, because the modified web portal is not being redistributed but rather hosted, and also because the web portal output is also not a derivative work of the GPL'ed content management system.

There has been debate on whether it is a violation of the GPL to release the source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The consensus was that while unethical, it was not considered a violation. The issue was clarified when the license was altered with v2 to require that the "preferred" version of the source code be made available.

License versus contract

The GPL was designed as a license, rather than a contract. In some Common Law jurisdictions, the legal distinction between a license and a contract is an important one: contracts are enforceable by contract law, whereas licenses are enforced under copyright law. However, this distinction is not useful in the many jurisdictions where there are no differences between contracts and licenses, such as Civil Law systems.

Those who do not accept the GPL's terms and conditions do not have permission, under copyright law, to copy or distribute GPL-licensed software or derivative works. However, if they do not redistribute the GPL'ed program, they may still use the software within their organization however they like, and works (including programs) constructed by the use of the program are not required to be covered by this license.

Software developer Allison Randal argued that the GPLv3 as a license is unnecessarily confusing for lay readers, and could be simplified while retaining the same conditions and legal force.

In April 2017, a US federal court ruled that an open-source license is an enforceable contract.

In October 2021, SFC sued Vizio for breach of contract, as an end user, to request the source code for Vizio's TVs. A federal judge has ruled in the interim that the GPL is an enforceable contract by end users as well as a license for copyright holders.

Derivations

The text of the GPL is itself copyrighted, and the copyright is held by the Free Software Foundation.

The FSF permits people to create new licenses based on the GPL, as long as the derived licenses do not use the GPL preamble without permission. This is discouraged, however, since such a license might be incompatible with the GPL and causes a perceived license proliferation.

Other licenses created by the GNU project include the GNU Lesser General Public License, GNU Free Documentation License, and Affero General Public License.

The text of the GPL is not itself under the GPL. The license's copyright disallows modification of the license. Copying and distributing the license is allowed since the GPL requires recipients to get "a copy of this License along with the Program". According to the GPL FAQ, anyone can make a new license using a modified version of the GPL as long as they use a different name for the license, do not mention "GNU", and remove the preamble, though the preamble can be used in a modified license if permission to use it is obtained from the Free Software Foundation (FSF).

Linking and derived works

Libraries

According to the FSF, "The GPL does not require you to release your modified version or any part of it. You are free to make modifications and use them privately, without ever releasing them." However, if one releases a GPL-licensed entity to the public, there is an issue regarding linking: namely, whether a proprietary program that uses a GPL library is in violation of the GPL.

The key dispute is whether non-GPL software can legally statically link or dynamically link to GPL libraries. Different opinions exist on this issue. The GPL is clear in requiring that all derivative works of code under the GPL must themselves be under the GPL. Ambiguity arises with regard to using GPL libraries, and bundling GPL software into a larger package (perhaps mixed into a binary via static linking). This is ultimately a question not of the GPL per se, but of how copyright law defines derivative works. The following points of view exist:

Point of view: dynamic and static linking violate GPL

The Free Software Foundation (which holds the copyright of several notable GPL-licensed software products and of the license text itself) asserts that an executable that uses a dynamically linked library is indeed a derivative work. This does not, however, apply to separate programs communicating with one another.

The Free Software Foundation also created the LGPL, which is nearly identical to the GPL, but with additional permissions to allow linking for the purposes of "using the library".

Richard Stallman and the FSF specifically encourage library writers to license under the GPL so that proprietary programs cannot use the libraries, in an effort to protect the free-software world by giving it more tools than the proprietary world.

Point of view: static linking violates GPL but unclear as to dynamic linking

Some people believe that while static linking produces derivative works, it is not clear whether an executable that dynamically links to GPL code should be considered a derivative work (see weak copyleft). Linux author Linus Torvalds agrees that dynamic linking can create derived works but disagrees over the circumstances.

A Novell lawyer has written that dynamic linking not being derivative "makes sense" but is not "clear-cut", and that evidence for good-intentioned dynamic linking can be seen by the existence of proprietary Linux kernel drivers.

In Galoob v. Nintendo, the United States Ninth Circuit Court of Appeals defined a derivative work as having "'form' or permanence" and noted that "the infringing work must incorporate a portion of the copyrighted work in some form", but there have been no clear court decisions to resolve this particular conflict.

Point of view: linking is irrelevant

According to an article in the Linux Journal, Lawrence Rosen (a one-time Open Source Initiative general counsel) argues that the method of linking is mostly irrelevant to the question about whether a piece of software is a derivative work; more important is the question about whether the software was intended to interface with client software and/or libraries. He states, "The primary indication of whether a new program is a derivative work is whether the source code of the original program was used [in a copy-paste sense], modified, translated or otherwise changed in any way to create the new program. If not, then I would argue that it is not a derivative work," and lists numerous other points regarding intent, bundling, and linkage mechanism. He further argues on his firm's website that such "market-based" factors are more important than the linking technique.

There is also the specific issue of whether a plugin or module (such as the NVidia or ATI graphics card kernel modules) must also be GPL, if it could reasonably be considered its own work. This point of view suggests that reasonably separate plugins, or plugins for software designed to use plugins, could be licensed under an arbitrary license if the work is GPLv2. Of particular interest is the GPLv2 paragraph:

You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: ...

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. ... These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

The GPLv3 has a different clause:

You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of Section 4, provided that you also meet all of these conditions: ...

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable Section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. ... A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

As a case study, some supposedly proprietary plugins and themes/skins for GPLv2 CMS software such as Drupal and WordPress have come under fire, with both sides of the argument taken.

The FSF differentiates on how the plugin is being invoked. If the plugin is invoked through dynamic linkage and it performs function calls to the GPL program then it is most likely a derivative work.

Communicating and bundling with non-GPL programs

The mere act of communicating with other programs does not, by itself, require all software to be GPL; nor does distributing GPL software with non-GPL software. However, minor conditions must be followed to ensure that the rights of GPL software are not restricted. The following is a quote from the gnu.org GPL FAQ, which describes to what extent software is allowed to communicate with and be bundled with GPL programs:

What is the difference between an "aggregate" and other kinds of "modified versions"?

An "aggregate" consists of a number of separate programs, distributed together on the same CD-ROM or other media. The GPL permits you to create and distribute an aggregate, even when the licenses of the other software are non-free or GPL-incompatible. The only condition is that you cannot release the aggregate under a license that prohibits users from exercising rights that each program's individual license would grant them.

Where's the line between two separate programs, and one program with two parts? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged).

If the modules are included in the same executable file, they are definitely combined in one program. If modules are designed to run linked together in a shared address space, that almost surely means combining them into one program.

By contrast, pipes, sockets, and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.

The FSF thus draws the line between "library" and "other program" via 1) "complexity" and "intimacy" of information exchange and 2) mechanism (rather than semantics), but concedes that the question is not clear-cut and that in complex situations, case law will decide.

Legal status

The first known violation of the GPL was in 1989, when NeXT extended the GCC compiler to support Objective-C, but did not publicly release the changes. After an inquiry they created a public patch. There was no lawsuit filed for this violation.

In 2002, MySQL AB sued Progress NuSphere for copyright and trademark infringement in United States district court. NuSphere had allegedly violated MySQL's copyright by linking MySQL's GPL'ed code with NuSphere Gemini table without complying with the license. After a preliminary hearing before Judge Patti Saris on 27 February 2002, the parties entered settlement talks and eventually settled. After the hearing, FSF commented that "Judge Saris made clear that she sees the GNU GPL to be an enforceable and binding license."

In August 2003, the SCO Group stated that they believed the GPL to have no legal validity and that they intended to pursue lawsuits over sections of code supposedly copied from SCO Unix into the Linux kernel. This was a problematic stand for them, as they had distributed Linux and other GPL'ed code in their Caldera OpenLinux distribution, and there is little evidence that they had any legal right to do so except under the terms of the GPL. In February 2018, after federal circuit court judgement, appeal, and the case being (partially) remanded to the circuit court, the parties restated their remaining claims and provided a plan to move toward final judgement. The remaining claims revolved around Project Monterey, and were finally settled in November 2021 by IBM paying $14.25 million to the TSG (previously SCO) bankruptcy trustee.

In April 2004, the netfilter/iptables project was granted a preliminary injunction against Sitecom Germany by Munich District Court after Sitecom refused to desist from distributing Netfilter's GPL'ed software in violation of the terms of the GPL. Harald Welte, of Netfilter, was represented by ifrOSS co-founder Till Jaeger. In July 2004, the German court confirmed this injunction as a final ruling against Sitecom. The court's justification was that:

Defendant has infringed on the copyright of plaintiff by offering the software 'netfilter/iptables' for download and by advertising its distribution, without adhering to the license conditions of the GPL. Said actions would only be permissible if the defendant had a license grant. ... This is independent of the questions whether the licensing conditions of the GPL have been effectively agreed upon between plaintiff and defendant or not. If the GPL were not agreed upon by the parties, defendant would notwithstanding lack the necessary rights to copy, distribute, and make the software 'netfilter/iptables' publicly available.

This exactly mirrored the predictions given previously by the FSF's Eben Moglen. This ruling was important because it was the first time that a court had confirmed that violating terms of the GPL could be a copyright violation and established jurisprudence as to the enforceability of the GPLv2 under German law.

In May 2005, Daniel Wallace filed suit against the Free Software Foundation in the Southern District of Indiana, contending that the GPL is an illegal attempt to fix prices (at zero). The suit was dismissed in March 2006, on the grounds that Wallace had failed to state a valid antitrust claim; the court noted that "the GPL encourages, rather than discourages, free competition and the distribution of computer operating systems, the benefits of which directly pass to consumers". Wallace was denied the possibility of further amending his complaint, and was ordered to pay the FSF's legal expenses.

On 8 September 2005, the Seoul Central District Court ruled that the GPL was not material to a case dealing with trade secrets derived from GPL-licensed work. Defendants argued that since it is impossible to maintain trade secrets while being compliant with GPL and distributing the work, they are not in breach of trade secrets. This argument was considered without ground.

On 6 September 2006, the gpl-violations.org project prevailed in court litigation against D-Link Germany GmbH regarding D-Link's copyright-infringing use of parts of the Linux kernel in storage devices they distributed. The judgment stated that the GPL is valid, legally binding, and stands in German court.

In late 2007, the BusyBox developers and the Software Freedom Law Center embarked upon a program to gain GPL compliance from distributors of BusyBox in embedded systems, suing those who would not comply. These were claimed to be the first US uses of courts for enforcement of GPL obligations. (See BusyBox GPL lawsuits.)

On 11 December 2008, the Free Software Foundation sued Cisco Systems, Inc. for copyright violations by its Linksys division, of the FSF's GPL-licensed coreutils, readline, Parted, Wget, GNU Compiler Collection, binutils, and GNU Debugger software packages, which Linksys distributes in the Linux firmware of its WRT54G wireless routers, as well as numerous other devices including DSL and Cable modems, Network Attached Storage devices, Voice-Over-IP gateways, virtual private network devices, and a home theater/media player device.

After six years of repeated complaints to Cisco by the FSF, claims by Cisco that they would correct, or were correcting, their compliance problems (not providing complete copies of all source code and their modifications), of repeated new violations being discovered and reported with more products, and lack of action by Linksys (a process described on the FSF blog as a "five-years-running game of Whack-a-Mole") the FSF took them to court.

Cisco settled the case six months later by agreeing "to appoint a Free Software Director for Linksys" to ensure compliance, "to notify previous recipients of Linksys products containing FSF programs of their rights under the GPL," to make source code of FSF programs freely available on its website, and to make a monetary contribution to the FSF.

In 2011, it was noticed that GNU Emacs had been accidentally releasing some binaries without corresponding source code for two years, in opposition to the intended spirit of the GPL, resulting in a copyright violation. Richard Stallman described this incident as a "very bad mistake", which was promptly fixed. The FSF did not sue any downstream redistributors who also unknowingly violated the GPL by distributing these binaries.

In 2017 Artifex, the maker of Ghostscript, sued Hancom, the maker of an office suite which included Ghostscript. Artifex offers two licenses for Ghostscript; one is the Affero GPL License and the other is a commercial license. Hancom did not acquire a commercial license from Artifex nor did it release its office suite as free software. Artifex sued Hancom in US District Court and made two claims. First, Hancom's use of Ghostscript was a violation of copyright; and second, Hancom's use of Ghostscript was a license violation. Judge Jacqueline Scott Corley found the GPL license was an enforceable contract and Hancom was in breach of contract.

On 20 July 2021, the developers of the open-source Stockfish chess engine sued ChessBase, the creator of chess software, for violating the GPLv3 license. It was claimed that ChessBase had made only slight modifications to the Stockfish code and sold the new engines (Fat Fritz 2 and Houdini 6) to their customers. Additionally, Fat Fritz 2 was marketed as if it was an innovative engine. ChessBase had infringed on the license by not distributing these products as Free Software in accordance with the GPL.

A year later, on 7 November 2022, both parties reached an agreement and ended the dispute. In the near future ChessBase will no longer sell products containing Stockfish code, while informing their customers of this fact with an appropriate notice on their web pages. However, one year later, ChessBase's license would be reinstated. Stockfish did not seek damages or financial compensation.

Compatibility and multi-licensing

Quick guide of license compatibility with GPLv3 according to the FSF. Dashed line indicates that the GPLv2 is only compatible with the GPLv3 with the clause "or any later version".

Code licensed under several other licenses can be combined with a program under the GPL without conflict, as long as the combination of restrictions on the work as a whole does not put any additional restrictions beyond what GPL allows. In addition to the regular terms of the GPL, there are additional restrictions and permissions one can apply:

  1. If a user wants to combine code licensed under different versions of the GPL, then this is only allowed if the code with the earlier GPL version includes an "or any later version" statement. For instance, the GPLv3-licensed GNU LibreDWG library can no longer be used by LibreCAD and FreeCAD, which have GPLv2-only dependencies.
  2. Code licensed under the LGPL is permitted to be linked with any other code no matter what license that code has, though the LGPL does add additional requirements for the combined work. LGPLv3 and GPLv2-only code can thus commonly not be linked, as the combined work would add additional LGPLv3 requirements on top of the GPLv2-only licensed software. Code licensed under LGPLv2.x without the "any later version" statement can be relicensed if the whole combined work is licensed under GPLv2 or GPLv3.

FSF maintains a list of GPL-compatible free software licenses containing many of the most common free software licenses, such as the original MIT/X license, the BSD license (in its current 3-clause form), and the Artistic License 2.0.

Starting with GPLv3, materials (like text and other media) under the Creative Commons Attribution-ShareAlike 4.0 International License can be remixed into GPL-licensed materials (prominently software), but not vice versa. This one-way compatibility serves niche use cases such as a game engine (GPL) with game scripts (CC BY-SA).

David A. Wheeler has advocated that free/open source software developers use only GPL-compatible licenses, because doing otherwise makes it difficult for others to participate and contribute code. As a specific example of license incompatibility, Sun Microsystems' ZFS cannot be included in the GPL-licensed Linux kernel, because it is licensed under the GPL-incompatible Common Development and Distribution License. Furthermore, ZFS is protected by patents, so distributing an independently developed GPL-ed implementation would still require Oracle's permission.

A number of businesses use multi-licensing to distribute a GPL version and sell a proprietary license to companies wishing to combine the package with proprietary code, using dynamic linking or not. Examples of such companies include MySQL AB, Digia PLC (Qt framework, before 2011 from Nokia), Red Hat (Cygwin), and Riverbank Computing (PyQt). Other companies, like the Mozilla Foundation (products include Mozilla Application Suite, Mozilla Thunderbird, and Mozilla Firefox), used multi-licensing to distribute versions under the GPL and some other open-source licenses.

Text and other media

It is possible to use the GPL for text documents instead of computer programs, or more generally for all kinds of media, if it is clear what constitutes the source code (defined as "the preferred form of the work for making changes in it"). For manuals and textbooks, though, the FSF recommends the GNU Free Documentation License (GFDL) instead, which it created for this purpose. Nevertheless, the Debian developers recommended (in a resolution adopted in 2006) to license documentation for their project under the GPL, because of the incompatibility of the GFDL with the GPL (text licensed under the GFDL cannot be incorporated into GPL software). Also, the FLOSS Manuals foundation, an organization devoted to creating manuals for free software, decided to eschew the GFDL in favor of the GPL for its texts in 2007.

If the GPL is used for computer fonts, any documents or images made with such fonts might also have to be distributed under the terms of the GPL. This is not the case in countries that recognize typefaces (the appearance of fonts) as being a useful article and thus not eligible for copyright, but font files as copyrighted computer software (which can complicate font embedding, since the document could be considered 'linked' to the font; in other words, embedding a vector font in a document could force it to be released under the GPL, but a rasterized rendering of the font would not be subject to the GPL). The FSF provides an exception for cases where this is not desired.

Adoption

Historically, the GPL license family has been one of the most popular software licenses in the FOSS domain.

A 1997 survey of MetaLab, then the largest free software archive, showed that the GPL accounted for about half of the software licensed therein. Similarly, a 2000 survey of Red Hat Linux 7.1 found that 53% of the source code was licensed under the GPL. As of 2003, about 68% of all projects and 82.1% of the open source industry certified licensed projects listed on SourceForge.net were from the GPL license family. As of August 2008, the GPL family accounted for 70.9% of the 44,927 free software projects listed on Freecode.

After the release of the GPLv3 in June 2007, adoption of this new GPL version was much discussed and some projects decided against upgrading. For instance, the Linux kernel, MySQL, BusyBox, AdvFS, Blender, VLC media player, and MediaWiki decided against adopting GPLv3. On the other hand, in 2009, two years after the release of GPLv3, Google open-source programs office manager Chris DiBona reported that 50% of open-source project licensed software had moved from GPLv2 to GPLv3, counting the projects hosted at Google Code.

In 2011, four years after the release of the GPLv3, 6.5% of all open-source license projects were GPLv3 while 42.5% were GPLv2, according to Black Duck Software data. Following this, in 2011, 451 Group analyst Matthew Aslett argued in a blog post that copyleft licenses had gone into decline and permissive licenses had increased, based on statistics from Black Duck Software. Similarly, in February 2012 Jon Buys reported that among the top 50 projects on GitHub, five projects were under a GPL license, including dual-licensed and AGPL projects.

GPL usage statistics from 2009 to 2013 were extracted from Freecode data by Walter van Holst while analyzing license proliferation.

Usage of GPL family licenses in % on Freecode
2009  2010  2011  2012  2013  2014-06-18
72%   63%   61%   59%   58%   approx. 54%

In August 2013, according to Black Duck Software, the website's data shows that the GPL license family is used by 54% of open-source projects, with a breakdown of the individual licenses shown in the following table. However, a later study in 2013 showed that software licensed under the GPL license family has increased, and that even the data from Black Duck Software has shown a total increase of software projects licensed under GPL. The study used public information gathered from repositories of the Debian Project, and the study criticized Black Duck Software for not publishing their methodology used in collecting statistics. Daniel German, Professor in the Department of Computer Science at the University of Victoria in Canada, presented a talk in 2013 about the methodological challenges in determining which are the most widely used free software licenses, and showed how he could not replicate the result from Black Duck Software.

In 2015, according to Black Duck, GPLv2 lost its first position to the MIT license and is now second, the GPLv3 dropped to fourth place while the Apache license kept its third position.

Usage of GPL family licenses in the FOSS domain in % according to Black Duck Software
License              2008-05-08         2009-03-11  2011-11-22  2013-08-12  2015-11-19  2016-06-06  2017-01-02  2018-06-04
GPLv2                58.69%             52.2%       42.5%       33%         23%         21%         19%         14%
GPLv3                1.64%              4.15%       6.5%        12%         9%          9%          8%          6%
LGPLv2.1             11.39%             9.84%       ?           6%          5%          4%          4%          3%
LGPLv3               ? (<0.64%)         0.37%       ?           3%          2%          2%          2%          1%
GPL family together  71.72% (+ <0.64%)  66.56%      ?           54%         39%         36%         33%         24%

A March 2015 analysis of the GitHub repositories revealed, for the GPL license family, a usage percentage of approximately 25% among licensed projects. In June 2016, an analysis of Fedora Project's packages revealed the GNU GPLv2 or later as the most popular license, and the GNU GPL family as the most popular license family (followed by the MIT, BSD, and GNU LGPL families).

An April 2018 analysis of the FOSS ecosystem by whitesourcesoftware.com placed the GPLv3 in third place (18%) and the GPLv2 in fourth place (11%), after the MIT license (26%) and the Apache 2.0 license (21%).

Reception

Legal barrier to application stores

The GPL is incompatible with many application digital distribution systems, like the Mac App Store, and certain other software distribution platforms (on smartphones as well as PCs). The problem lies in the right "to make a copy for your neighbour", as this right is violated by digital rights management systems embedded within the platform to prevent copying of paid software. Even if the application is free in the application store in question, it might result in a violation of that application store's terms.

There is a distinction between an app store, which sells DRM-restricted software under proprietary licenses, and the more general concept of digital distribution via some form of online software repository. Virtually all modern Unix systems and Linux distributions have application repositories, including NetBSD, FreeBSD, Ubuntu, Fedora, and Debian. These specific application repositories all contain GPL-licensed software apps, in some cases even when the core project does not permit GPL-licensed code in the base system (for instance OpenBSD). In other cases, such as the Ubuntu App Store, proprietary commercial software applications and GPL-licensed applications are both available via the same system; the reason that the Mac App Store (and similar projects) is incompatible with GPL-licensed apps is not inherent in the concept of an app store, but is rather specifically due to Apple's terms-of-use requirement that all apps in the store utilize Apple DRM restrictions. Ubuntu's app store does not demand any such requirement: "These terms do not limit or restrict your rights under any applicable open source software licenses."

Microsoft

In 2001, Microsoft CEO Steve Ballmer referred to Linux as "a cancer that attaches itself in an intellectual property sense to everything it touches". In response to Microsoft's attacks on the GPL, several prominent Free Software developers and advocates released a joint statement supporting the license. Microsoft has released Microsoft Windows Services for UNIX, which contains GPL-licensed code. In July 2009, Microsoft itself released a body of around 20,000 lines of Linux driver code under the GPL. The Hyper-V code that is part of the submitted code used open-source components licensed under the GPL and was originally statically linked to proprietary binary parts, the latter being inadmissible in GPL-licensed software.

"Viral" nature

The description of the GPL as "viral", when called 'General Public Virus' or 'GNU Public Virus' (GPV), dates back to a year after the GPLv1 was released.

In 2001, the term received broader public attention when Craig Mundie, Microsoft Senior Vice President, described the GPL as being "viral". Mundie argues that the GPL has a "viral" effect in that it only allows the conveyance of whole programs, which means programs that link to GPL libraries must themselves be under a GPL-compatible license, else they cannot be combined and distributed.

In 2006, Richard Stallman responded in an interview that Mundie's metaphor of a "virus" is wrong as software under the GPL does not "attack" or "infect" other software. Accordingly, Stallman believes that comparing the GPL to a virus is inappropriate, and that a better metaphor for software under the GPL would be a spider plant: if one takes a piece of it and puts it somewhere else, it grows there too.

On the other hand, the concept of a viral nature of the GPL was taken up by others later too. For instance, a 2008 article stated: "The GPL license is 'viral,' meaning any derivative work you create containing even the smallest portion of the previously GPL licensed software must also be licensed under the GPL license."

Barrier to commercialization

The FreeBSD project has stated that "a less publicized and unintended use of the GPL is that it is very favorable to large companies that want to undercut software companies. In other words, the GPL is well suited for use as a marketing weapon, potentially reducing overall economic benefit and contributing to monopolistic behavior" and that the GPL can "present a real problem for those wishing to commercialize and profit from software."

Richard Stallman wrote about the practice of selling license exceptions to free software licenses as an example of ethically acceptable commercialization practice. Selling exceptions here means that the copyright holder of a given software releases it (along with the corresponding source code) to the public under a free software license, "then lets customers pay for permission to use the same code under different terms, for instance allowing its inclusion in proprietary applications". Stallman considered selling exceptions "acceptable since the 1990s, and on occasion I've suggested it to companies. Sometimes this approach has made it possible for important programs to become free software". Although the FSF does not practice selling exceptions, a comparison with the X11 license (which is a non-copyleft free software license) is proposed for suggesting that this commercialization technique should be regarded as ethically acceptable. Releasing a given program under a non-copyleft free software license would permit embedding the code in proprietary software. Stallman comments that "either we have to conclude that it's wrong to release anything under the X11 license—a conclusion I find unacceptably extreme—or reject this implication. Using a non-copyleft license is weak, and usually an inferior choice, but it's not wrong. In other words, selling exceptions permits some embedding in proprietary software, and the X11 license permits even more embedding. If this doesn't make the X11 license unacceptable, it doesn't make selling exceptions unacceptable".

Open-source criticism

In 2000, developer and author Nikolai Bezroukov published an analysis and comprehensive critique of GPL's foundations and Stallman's software development model, called "Labyrinth of Software Freedom".

Version 2 of the WTFPL (Do What The Fuck You Want To Public License) was created by Debian project leader Sam Hocevar in 2004 as a parody of the GPL.

In 2005, open source software advocate Eric S. Raymond questioned the relevance of GPL then for the FOSS ecosystem, stating: "We don't need the GPL anymore. It's based on the belief that open source software is weak and needs to be protected. Open source would be succeeding faster if the GPL didn't make lots of people nervous about adopting it." Richard Stallman replied: "GPL is designed to ... ensure that every user of a program gets the essential freedoms—to run it, to study and change the source code, to redistribute copies, and to publish modified versions ... [Raymond] addresses the issue in terms of different goals and values—those of 'open source,' which do not include defending software users' freedom to share and change software."

In 2007, Allison Randal, who took part in the GPL draft committee, criticized the GPLv3 for being incompatible with the GPLv2 and for missing clarity in the formulation. Similarly, Whurley prophesied in 2007 the downfall of the GPL due to the lack of focus for the developers with GPLv3 which would drive them towards permissive licenses.

In 2009, David Chisnall described in an InformIT article, "The Failure of the GPL", the problems with the GPL, among them incompatibility and complexity of the license text.

In 2014, dtrace developer and Joyent CTO Bryan Cantrill called the copyleft GPL a "Corporate Open Source Anti-pattern" by being "anti-collaborative" and recommended instead permissive software licenses.

GPLv3 criticism

As early as September 2006, during the draft process of the GPLv3, several high-profile developers of the Linux kernel, for instance Linus Torvalds, Greg Kroah-Hartman, and Andrew Morton, warned of a split in the FOSS community: "the release of GPLv3 portends the Balkanisation of the entire Open Source Universe upon which we rely." Similarly, Benjamin Mako Hill argued in 2006 on the GPLv3 draft, noting that a united, collaborating community is more important than a single license.

Following the GPLv3 release in 2007, some journalists and Toybox developer Rob Landley criticized the GPLv3, arguing that with its introduction the split between the open source and free software communities became wider than ever. As the significantly extended GPLv3 is essentially incompatible with the GPLv2, compatibility between the two is only given under the optional "or later" clause of the GPL, which was not adopted, for instance, by the Linux kernel. Bruce Byfield noted that before the release of the GPLv3, the GPLv2 was a unifying element between the open-source and the free software communities.

For the LGPLv3, GNU TLS maintainer Nikos Mavrogiannopoulos similarly argued, "If we assume that its [the LGPLv3] primary goal is to be used by free software, then it blatantly fails that", after he re-licensed GNU TLS from LGPLv3 back to LGPLv2.1 due to license compatibility issues.

Lawrence Rosen, attorney and computer specialist, praised in 2007 how the community using the Apache license was now able to work together with the GPL community in a compatible manner, as the problems of GPLv2 compatibility with Apache licensed software were resolved with the GPLv3. He said, "I predict that one of the biggest success stories of GPLv3 will be the realization that the entire universe of free and open-source software can thus be combined into comprehensive open source solutions for customers worldwide."

In July 2013, Flask developer Armin Ronacher drew a less optimistic conclusion on GPL compatibility in the FOSS ecosystem: "When the GPL is involved the complexities of licensing becomes a non fun version of a riddle", also noting that the conflict between Apache License 2.0 and GPLv2 still has an impact on the ecosystem.

Inequality (mathematics)

From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Inequality...