Feeds

Google's 'clean' Linux headers: Are they really that dirty?

When lawyers and Linus collide

  • alert
  • submit to reddit

SANS - Survey on application security programs

The trouble with open source is that most coders aren't lawyers and most lawyers aren't coders. And even if everyone did wear both hats, there would still be ample room for disagreement. The law, you must remember, is subjective.

Two intellectual-property lawyers have told the world that Android is at risk of legal attack because it uses Googly versions of the original Linux header files. But Linux daddy Linus Torvalds says this is "totally bogus". The truth lies somewhere in between. But good luck finding it.

Earlier this month, Edward Naughton, an intellectual-property attorney with the Boston-based firm Brown Rudnick, penned a piece for the Huffington Post in which he argued that Google's use of the original Linux "header files" in Android made the OS vulnerable under US copyright law. "Google's Android contains legal landmines for developers and device manufacturers," the headline read.

According to Naughton, when building Android's Bionic library – which provides application developers with access to Android's underlying Linux kernel – Google stretched the boundaries of copyright law by making use of the Linux header files open sourced under the GNU Public License (GPLv2), which has a strong copyleft provision. Google stripped programmer commentary and other information from the files, arguing that these "cleaned" files are no longer subject to copyright. Then, as part of Android, it open sourced the files under a license with no copyleft provision. But Naughton contends that the GPL may still apply .

"I have serious doubts that Google's approach to the Bionic Library works under US copyright law," he wrote. "At a minimum, Google has taken a significant gamble. While that may be fine for Google, because it knows about and understands the risks, many Android developers and device manufacturers are taking that same risk unknowingly.

"If Google is wrong, the repercussions are significant for the Android ecosystem: the manufacturers and developers working with Android would be incorporating GPLv2-licensed code into applications and components and taking on the copyleft obligations of that license." In other words, if Google is wrong, developers will have to open source their code, as the GPL stipulates.

The argument was based in part on a recent blog post from Raymond Nimmer, a law professor at the University of Houston Law Center and co-director of the Houston Intellectual Property and Information Law Institute. In discussing the "risk of disclosure" when using copyleft platforms, Nimmer spent a paragraph questioning Google's use of the Linux header files in the Bionic library.

Naughton's story promptly sparked a blog post from outspoken open source watcher Florian Muller, who has gained some added attention of late for questioning Google's use of Oracle's Java code in Android. "Google's Android faces a serious Linux copyright issue (potentially bigger than its Java problem)," read the headline, and with the post, he roped in a 2003 mailing-list post from Linux founder Linus Torvalds to support his argument. Soon, countless tech news sites were reporting that Android and its applications were build on shaky ground.

But in one dissenting story, Eben Moglen – the founder, director-counsel, and chairman of Software Freedom Law Center; a professor of law at Columbia University; and one of the world's most respected open source legal minds – poured a little code water on the brouhaha. "I would say that the issue is a little less complex and a little less dire than it might seem on first acquaintance," he said.

Then Linus himself spoke, calling Naughton's claims "totally bogus". And before long, Free Software Foundation chairman Richard Stallman weighed in too, indicating that according to the legal advice he had received, Google's use of the header files was not a problem.

The war of opinions was only inflamed by suggestions that Naughton was somehow beholden to Microsoft. A week before his story appeared on the Huffington Post, Naughton's online bio was edited to remove references to his past work with Redmond.

If you strip out the petty arguments flying back and forth, the situation is actually quite intriguing – whichever side you come down on. With Android, Google could have used the Linux headers provided by GNU C Library (aka glibc), which was created separately from the Linux kernel and does not carry a strong copyleft provision. This is used by the likes of MeeGo and HP's webOS. But Google took a different route, choosing to use the original Linux header files and "clean" them using its own scripts.

Google declined to comment on the situation. But as Naughton pointed out to us when we spoke to him in the wake of his Huffington Post story, a Google powerpoint presentation indicates that the company chose to build its own library because it "wanted to keep GPL out of user space" and it wanted a library that was relatively small and fast.

Obviously, Mountain View believes its scripts have removed all copyrightable material from the files. "This header was automatically generated from a Linux kernel header of the same name, to make information necessary for userspace to call into the kernel available to libc," reads the top of each file in the Bionic library. "It contains only constants, structures, and macros generated from the original header, and thus, contains no copyrightable information."

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.