The Software Freedom Conservancy (SFC) has won a significant legal victory in its ongoing effort to force Vizio to publish the source code of its SmartCast TV software, which is said to contain GPLv2 and LGPLv2.1 copyleft-licensed components.
SFC sued Vizio, claiming it was in breach of contract by failing to obey the terms of the GPLv2 and LGPLv2.1 licenses that require source code to be made public when certain conditions are met, and sought declaratory relief on behalf of Vizio TV owners. SFC wanted its breach-of-contract arguments to be heard by the Orange County Superior Court in California, though Vizio kicked the matter up to the district court level in central California where it hoped to avoid the contract issue and defend its corner using just federal copyright law.
On Friday, Federal District Judge Josephine Staton sided with SFC and granted its motion to send its lawsuit back to superior court. To do so, Judge Staton had to decide whether or not the federal Copyright Act preempted the SFC’s breach-of-contract allegations; in the end, she decided it didn’t.
“Vizio ‘removed’ the case to federal court by claiming that the GPL operates as only a copyright license, and never as a contract,” said Bradley Kuhn, policy fellow at the Software Freedom Conservancy, in an email to The Register. “We have countered that it operates as both, and that the source code provision specifically gives third parties (ie, downstream users) a contractual right to demand complete, corresponding source code (as defined in the GPL).”
Were the GPL interpreted to be only a copyright license, the SFC would have appealed, according to Kuhn, because its complaint asserts only contractual claims and not a copyright claim. Judge Staton agreed with the SFC’s arguments, finding that the GPL functions both as a copyright license and as a contract.
The extra element
Citing Versata Software, Inc. v. Ameriprise Fin (2014), which recognized the GPL imposes an “extra element” – a contractual obligation – beyond what’s required by copyright law, the judge in her order [PDF] wrote, “There is an extra element to SFC’s claims because SFC is asserting, as a third-party beneficiary of the GPL Agreements, that it is entitled to receive source code under the terms of those agreements.”
“The ruling is a watershed moment in the history of copyleft licensing,” said Karen Sandler, executive director of Software Freedom Conservancy, in a statement. “This ruling shows that the GPL agreements function both as copyright licenses and as contractual agreements.”
The SFC said it first contacted Vizio in August 2018, to ask the company to publish its SmartCast platform source code, which relies on the Linux kernel, alsa-utils, GNU bash, GNU awk, bluez, BusyBox, and various other software applications, libraries, and frameworks released under the GPLv2 and LGPLv2.1 licenses.
Vizio responded in January 2019, by providing the SFC with what it claimed was the complete source code for the software in its smart TVs. But, according to the SFC, Vizio failed to include all the files and scripts necessary to compile the software into executable form.
This back and forth went on for two years until the SFC finally sued Vizio [PDF] in October, 2021. The complaint argues that providing the source code to the public is important so that software developers can implement improvements, such as privacy protection, something that Vizio is unlikely to implement because it benefits from collecting user data.
“Had Vizio produced the source code for the Linux kernel, for the other SmartCast programs at issue, and for the library linking programs, as used on Vizio Smart TVs, a community of software developers would have had the opportunity to modify them to protect user privacy or improve accessibility,” the complaint stated.
“This remains true today, and this need for consumer privacy and accessibility will be even more important in the future as consumers become more integrated and dependent on computers and other interconnected ‘smart’ devices for their daily lives.”
Vizio in 2017 agreed to pay $2.2 million to settle charges brought by the US Federal Trade Commission that it collected the viewing data from 11 million of its TVs without folks’ knowledge or consent.
Getting some competition
Kuhn said the SFC brought the case against Vizio to build alternative firmware for Vizio TVs and to exercise the right to repair and improve one’s own devices.
“Ultimately, most TVs on the market today aren’t really televisions: they’re computers attached to a big display,” he said. “We want to use those computers that we bought to do interesting and different things than the original TV manufacturer (in this case, Vizio) intended.”
“We also want the right to repair the software on our devices,” Kuhn continued. “The GPL and LGPL give us the right to do that, but when Vizio violated those licenses, they took our rights away. This case is about asking the court to uphold our rights and require Vizio to comply with the specific contractual terms in the GPL/LGPL that are central to those rights.”
The Vizio case is not over. With the lawsuit sent back to Superior Court, SFC still needs to prevail in its breach of contract claim under the GPL. But the possibility of having the claim derailed by copyright law preemption has now been settled, thanks to Vizio’s gambit to force the case into federal court.
“Normally, this sort of issue would be an issue for appeal after a state court trial,” said Kuhn.
Vizio did not respond to a request for comment.
In conjunction with its Q1 2022 financial report, Vizio doesn’t mention the SFC lawsuit in the “legal matters” section of its 10-Q filing with the US Securities & Exchange Commission. But the company’s filing does acknowledge that usage of free and open-source software poses a potential business risk.
“Some of our consumer devices contain ‘open source’ software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business,” the company’s latest 10-Q filing [PDF] stated.
Sandler via email said that the impact of the judge’s decision is that companies making products that incorporate copyleft software will no longer be able to ignore source-code requests from customers.
“It is the purchasers of devices, the users downstream, that are aware of the violations and it is they who intend to make use of the source code as the GPL intends,” said Sandler.
“Today, unless a copyright holder is attached to those requests (or someone who can make a lot of noise in the press), many companies simply ignore the requests they receive for source code. This frustrates the very thing that the GPL is designed to address.” ®
Sony aims to boost the ‘growth of gaming culture’ with two 27-inch monitors and three headsets, designed for both PC and Playstation gamers.
Sony has announced a batch of new monitors and headsets with a focus on PC gamers, as the company looks to reach out to more than its core Playstation audience.
The Inzone range consists of two 27-inch monitors and three headsets, which are all designed to enhance a gamer’s experience. While the main target appears to be PC gamers, the products have features that suit PS5 users.
Sony said its Inzone M9 monitor has 4K resolution and a high contrast with full array local dimming, designed to boost the detail of gaming scenes in deep black and brightness. The monitor also has a 144Hz refresh rate, an IPS display and a 1ms response time. Sony said the monitor will help lead to quicker reactions, which is a clear benefit for competitive PC gamers.
Meanwhile, the M3 monitor will have a 240Hz refresh rate, along with variable refresh rate technology to help gamers “capture movements of rivals in shooter games”.
To go with the monitors, Sony is releasing two wireless headsets, along with the wired Inzone H3 model. The Inzone H9 will have 32 hours of battery life, while the H7 model will have 40 hours.
Speaking on the products, Sony’s head of game business and marketing office Yukihiro Kitajima said there has been a higher interest in gaming with the spread of e-sports tournaments and the advancement of gaming entertainment.
“With Sony’s strong history of high-end audio and visual technology products, we believe this new line will offer even more options for those looking to upgrade their current gaming systems,” Kitajima said.
“We are committed to contributing to the growth of gaming culture by providing PC and PlayStation gamers with a wider range of options to enrich lives through gaming.”
The Inzone headsets range from €300 to €100 and are expected to launch in July, while the M9 monitor is due to launch in the Summer at a cost of €1099. Sony said the pricing and availability of the M3 monitor is expected to be revealed sometime this year.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
Many American womenin recent days have deleted period tracking apps from their cellphones, amid fears the data collected by the apps could be used against them in future criminal cases in states where abortion has become illegal.
The trend already started last month when a draft supreme court opinion that suggested the court was set to overturn Roe v Wade was leaked, and has only intensified since the court on Friday revoked the federal right to abortion.
These concerns are not baseless. As with various other apps, cycle trackers collect, retain and at times share some of their users’ data.In a state where abortion is a crime, prosecutors could request information collected bythese apps when building a case against someone. “If they are trying to prosecute a woman for getting an illegal abortion, they can subpoena any app on their device, including period trackers,” said Sara Spector, a Texas-based criminal defense attorney, and ex-prosecutor.
Cycle trackers are popular for a reason. Nearly a third of American women have been using them, according to a 2019 survey published by the Kaiser Family Foundation. They have helped make women’s lives easier in many ways, from family planning and detecting early signs of health issues to choosing the perfect time for a holiday.
A 2019 study published in the British Medical Journal (BMJ) found that 79% of health apps available through the Google Play storethat were related to medicine, including apps that help manage drugs, adherence, medicines, or prescribing information, regularly shared user data and were “far from transparent”. But many of the big players have made progress over the past years.
Two of the most popular period trackers in the US, Flo and Clue, have more than 55 million users combined. The Berlin-based app Clue said it was “committed to protecting” users’ private health data and that it was operating under strict European GDPR laws. The company’s website says the app collects device data, event and usage data, in addition to a user’s IP address, health and sensitive data it may use for the purpose of improving the app, the services, and preventing abusive use of its service. But Clue does not track users’ precise location, and says it does not store sensitive personal data without a user’s explicit permission. The company also tweeted that it would have a “primary legal duty under European law” not to disclose any private health data and it would “not respond to any disclosure request or attempted subpoena of their users’ health data by US authorities”.
But just because data is being processed by a European company, doesn’t mean that it is entirely immune from US prosecution, said Lucie Audibert, a lawyer at Privacy International, a global NGO that researches, litigates and advocates against abuses of technology and data by governments and corporations.
“The fact that GDPR applies is not that relevant in this case. When it comes to a legitimate legal request from US authorities European companies usually comply. Also, a European company may be hosting data outside the EU, making it subject to different legal frameworks and cross-border agreements,” Audibert added. She also stressed that using a Europe-based app won’t protect women from the courts requesting data from them directly. But it can be a slightly better option than using a US-based one because US companies are more easily compelled to comply with American authorities and courts’ requests. Enforcement is more difficult against European ones.
On Friday, Flo announced that it will soon be launching an “Anonymous mode” that can help keep users’ data safe in any circumstances.
The company did not respond to a request for comment.
Stardust did not immediately respond to a request for comment.
Planned Parenthood encourages people to use their app Spot On. “People who want to track their periods and birth control always have the option to remain anonymous by using the Spot On app without creating an account,” the organization said in a statement.“This way, period or birth control data is only saved locally to a person’s phone and can be deleted at any time by deleting the app.”
Third-party apps are not the only option when it comes to period trackers. Apple has a built-in cycle tracker in its Health app that offers more privacy than most external apps. With just a few steps, one can turn off the storing of their health data in iCloud, and it also has the option to store the encrypted data on their computer or phone.
Evan Greer, deputy director of the non-profit advocacy group Fight for the Future, saidthe best way to protect sensitive health data was to only use apps that store data locally rather than in the cloud. “Because any app where a company [that could receive a subpoena] has access to their users’ data could make it vulnerable for a legal request.”
Eva Blum-Dumontet, a tech policy consultant, said, “It is normal that in times of concern, people are looking differently at technology and apps that we trusted.
“I think when there is a discourse around whether women should delete these apps, we have to think about why they use them in the first place,” Blum-Dumontet said. “These trackers help them manage menstrual cycle when they are experiencing pain.”
Blum-Dumontet stressed that instead of asking users to change their behaviors, “it is period trackers that should change their practices”.
“They should never have owned so much data in the first place. If they adopted practices like storing data locally and minimizing the data to what’s strictly necessary we wouldn’t be having this debate now. It’s not too late for them to do the right thing,” she said.
Melissa, a 27-year-old mother from Texas who is goingby only her first name to not jeopardize her employment, said she deleted the app because she fears that when she travels, her state could use her missed period data against her.
“I will miss using the app so much. I have used it for so many things, like tracking my ovulation or predicting my mood changes. Sometimes I wake up feeling irritable, and I don’t know why until my app tells me that this could be normal at this point of my cycle,” she added. Melissa also says she would have loved to use it for future conceptions, but now she can’t.
Although much of the warnings on Friday were focused on just period trackers these are not the only apps that can be used against users when it comes to criminal prosecution,experts warned.
“Google Maps or a random game on your phone could just as easily be weaponized against someone as a menstrual tracking app,” Greer said. “While we need to educate each other and take precautions, it’s not OK to put the responsibility solely on individuals. Companies and lawmakers need to act immediately to protect people.”
The concerns over period tracking data are part of a broader conversation about the amount of personal information smartphones collect. Women’s rights organizations all over the world are warning users to be more mindful of their digital presence, not just when it comes to period trackers.
Cycle tracking apps can be hugely useful for many women, said Jonathan Lord, UK medical director for MSI Reproductive Choices. “But all data can be used against you.”
According to Lord, this danger will remain until “we treat abortion like all other healthcare – regulated like all other medical procedures, but not criminalized”.
Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.
The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.
Google did not immediately respond to a request for comment. If the web giant’s alleged plan gets approved, political campaign emails that aren’t deemed malicious or illegal will arrive in Gmail users’ inboxes with a notice asking recipients to approve continued delivery.
The reason Google appears to have done so is that earlier this month, 27 Republicans introduced a bill called the Political Bias in Algorithm Sorting (BIAS) Emails Act.
The proposed law aims to “hold Big Tech platforms accountable for using biased algorithms that take control away from consumers and alter the way users are able to see emails from political campaigns,” as US Senator Tim Scott (R-SC) put it.
This draft legislation, as it stands, would make it illegal for an email service provider to apply a filtering algorithm to email messages from an account from a political campaign unless the email recipient took action to apply the filter.
It would also require email service providers (cough, cough, Google) to provide quarterly transparency reports revealing details about filtering applied to Republican and Democratic campaign emails.
Hangouts hangs up: Google chat app shuts this year
The Republican-backed bill follows the release of a North Carolina State University research paper that found email service providers’ spam filters exhibited political bias toward one party or another.
The report [PDF] – titled, A Peek into the Political Biases in Email Spam Filtering Algorithms During US Election 2020 – stated that Gmail marked more right-leaning messages as spam while Outlook and Yahoo marked more left-leaning messages as spam.
“Gmail marks a significantly higher percentage (67.6 percent) of emails from the right as spam compared to the emails from left (just 8.2 percent),” the report stated. “Outlook is unfriendly to all campaign emails, more unfriendly to the left than to the right. It marks a higher percentage of left (95.8%) emails as spam than those of right (75.4 percent). Yahoo marks 14.2 percent more left emails as spam than the right emails.”
The academics said there’s no reason to believe these biases have been introduced deliberately. Rather, they’re the product of the design of spam filtering algorithms and feedback mechanisms used to adjust filtering decisions.
Their report does not address whether Gmail or other email services consider content quality (eg, excessive capitalization, divisive terminology, etc) in their spam determination calculations.
The authors argue that it’s important for spam filtering mechanisms to be fair while conceding it’s not an easy problem. Attempted adjustments, they say, may degrade filter efficacy and result in more unwanted emails.
Letting every single first-time campaign email through is certain to do that. ®