How Would Software Freedom Have Helped With VW?

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2015/09/28/vw-detail.html

[ A version of this blog post was crossposted on Conservancy’s blog. ]

Would software-related scandals, such as Volkswagen’s use of proprietary
software to lie to emissions inspectors, cease if software freedom were
universal? Likely so, as
I wrote last week. In a world where regulations
mandate distribution of source code for all the software in all devices,
and where no one ever cheats on that rule, VW would need means
other than software to hide their treachery.

Universal software freedom is my lifelong goal, but I realized years ago
that I won’t live to see it. I suspect that generations of software users
will need to repeatedly rediscover and face the harms of proprietary
software before a groundswell of support demands universal software
freedom. In the meantime, our community has invented semi-permanent
strategies, such as copyleft, to maximize software freedom for users in our
current mixed proprietary and Free Software world.

In the world we live in today, software freedom can impact the VW
situation only if a few complex conditions are met. Let’s consider the
necessary hypothetical series of events, in today’s real world, that would
have been necessary for Open Source and Free Software to have stopped VW
immediately.

First, VW would have created a combined or derivative work of software
with a copylefted program. While many cars today contain Linux, which is
copylefted, I am not aware of any cars that use Linux outside of the
on-board entertainment and climate control systems. The VW software was
not part of those systems, and VW engineers almost surely wrote the
emissions testing mode code from scratch. Even if they included some
non-copylefted Open Source or Free Software in it, those
licenses don’t require disclosure of any source code; VW’s ability to conceal
its bad actions with non-copylefted code is roughly identical to the situation
of proprietary VW code before us. As a thought experiment, though, let’s
pretend that VW based the nefarious code on Linux by writing a proprietary
Linux module to trick the emissions testing systems.

In that case, VW would have violated the GPL. But that alone is far from
enough to ensure anyone would catch VW. Indeed, GPL violations remain very
prevalent, and only one organization enforces the GPL for Linux
(full disclosure: that’s Software Freedom Conservancy, where
I work). That organization has such limited enforcement resources (only
three people on staff, and enforcement is one of many of our programs), I
suspect that years would pass before Conservancy had the resources to
pursue the violation; Conservancy currently has hundreds of Linux GPL
violations queued for action. Even once opened, most GPL violations take
years to resolve. As an example, we are currently enforcing the GPL
against one auto manufacturer who has Linux in their car. We’ve already
spent hundreds of hours and the company to date continues to fail in their
GPL compliance efforts. Admittedly, it’s highly unlikely that particular violator has a
GPL-violating Linux module specifically designed to circumvent automotive
regulations. However, after enforcing the GPL in that case for more than
two years, I still don’t have enough data about their use of Linux to
even know which proprietary Linux modules are present — let
alone whether those modules are nefarious in any way other than as
violating Linux’s license.

Thus, in today’s world, a “software freedom solution” to
prevent the VW scandal must meet unbelievable preconditions: (a) VW would
have to base all its software on copylefted Open Source and Free Software,
and (b) an organization with a mission to enforce copyleft for the public
good would require the resources to find the majority of GPL violators and
ensure compliance in a timely fashion. This thought experiment quickly shows how much more work
remains to advance and defend software freedom. While requirements of
source code disclosure, such as those in copyleft licenses, are necessary
to assure the benefits of software freedom, they cannot operate unless
someone exercises the offers for source and looks at the details.

We live in a world where most of the population accepts proprietary
software as legitimate. Even major trade associations, such as the
OpenStack Foundation and the Linux Foundation, in the Open Source community
laud companies who make proprietary software, as long as they adopt and
occasionally contribute to some Free Software too. Currently,
it feels like software freedom is winning, because the
overwhelming majority in the software industry believe Open Source and Free
Software is useful and superior in some circumstances.
Furthermore, while I appreciate the aspirational ideal of voluntary Open
Source, I find in my work that so many companies, just as VW did, will
cheat against important social good policies unless someone watches and
regulates. Mere adoption of Open Source won’t work alone; we only yield
the valuable results of software freedom if software is copylefted and
someone upholds that copyleft.

Indeed, just as it has been since the 1980s, very few people believe that
software freedom is of fundamental importance for all software users. Scandals,
like VW’s use of proprietary software to hide other bad acts, might slowly
change opinions, but one scandal is rarely enough to permanently change
public opinion. I therefore encourage those who support software freedom
to take this incident as inspiration for a stronger stance, and to prepare
yourselves for the long haul of software freedom advocacy.