Feeds

Google's 'clean' Linux headers: Are they really that dirty?

When lawyers and Linus collide

  • alert
  • submit to reddit

3 Big data security analytics techniques

A function of copyright

Basically, Google's scripts remove programmer commentary from the files. The company is operating under the principle that the meat of the header files is so simple and unoriginal that it can't be copyrighted. The files define an API, and they're similar to what's used with UNIX OSes. Copyright law covers "original expression", not mere ideas or methods, and Google believes once you strip out the comments, the headers contain no original expression.

But Naughton disagrees. He says that he's found static inline functions in the headers and that these, as well as macros, may be problematic. "A header file that is merely a list of declarations of variables or names of functions might not be copyrightable," he says in the lengthy legal analysis that he points to from his Huffington Post story, "but one that includes macros and inline functions probably is, because writing those macros and functions demands creativity and originality, and they can be written in different ways." And he cites a handful of Bionic files that he believes exhibit such expression.

Plus, he argues that the overall structure of the files – which number around 750 – is copyrightable. "Even if not all of the 750 header files that comprise Bionic contain as much copyrightable expression as the two discussed above, the overall structure, organization, and combination of noncopyrightable elements can still be copyrightable. This isn’t a revolutionary idea: it’s commonly understood that even if individual words and facts can’t be protected by copyright, the creative selection and organization of those individual words and facts – into a novel, or a movie – is entitled to copyright protection."

Raymond Nimmer, whose blog post Naughton drew on, says that there's no definite line between what's copyrightable and what's not, as is the case with any piece of software. "If you look at any program or any complicated thing, there are going to be some things that if you take them as a whole, they'e going to be copyrighted. You can start peeling things away to avoid copyright. But if you start peeling things away, there's still a strong argument that you are violating my copyright, because you're not affecting the structure."

For what it's worth. we asked Nimmer if he has any affiliation with Microsoft or any other Google competitor. He said that although his Houston Intellectual Property and Information Law Institute has received a grant from Microsoft, this had nothing to do with his blog post. When we first spoke to Edward Naughton, we asked him if he worked for anyone "involved" in the situation, and he said "no". But when we pointed out the changes to his online bio, he acknowledged working for Microsoft in the past.

"I'm a software lawyer," he said, "and I've worked with a lot of software companies, both proprietary and open source. I've represented some in litigation, Microsoft among them, and in those cases my representation is a matter of public record. I think the last time I represented Microsoft in litigation was five years ago or more ... while I was at my prior firm.

"I also advise software companies in non-litigation matters, and I have advised many, again both open source and proprietary, on open source strategy and licensing issues, and a number of them are interested in issues surrounding Android. I have a professional responsibility to keep these client relationships confidential, but I can tell you that I represent companies with differing perspectives on the issue."

Eben Moglen, of the Software Freedom Law Center, declined to speak with us on the record, saying he wanted to speak with Naughton first. It's unclear whether the two have spoken. But in an interview with ZDNet, Moglen indicated that he believes Naughton is overplaying the situation. "The facts are not quite as simple and therefore the narrative not quite as compelling as one might be led to believe,” he said.

It's worth remembering that you can't really use a header file to make some sort of proprietary enhancement to the Linux kernel. By definition, it, well, defines how you interact with the kernel. The GPL is meant to make sure that free code isn't enhanced in a proprietary way without the enhancements being open sourced as well. You really have to wonder if those who built the kernel – the only ones who could sue over Bionic – would see the library as a problem. And Linus Torvalds bore this out when he called Naughton's claims "totally bogus".

Google employs people who work on the Linux kernel, and odds are that the company had a good idea of how the community would react to an OS that cleaned the original Linux header files rather than use glibc. We get the feeling this is a case where the opinions of the world's Linux hackers are in stark contrast to those of an intellectual property lawyer at a big-name international law firm. Linux hackers aren't generally lawyers. And vice versa.

When we spoke to Raymond Nimmer – where this whole thing began – he reiterated that he believes "there is a risk" with Google's use of the header files. "If I was developing an Android app of any significance, I would tell the CEO, 'we have a judgment to make'," he told us. But then he added: "Of course, I'm not a coder. Someone else would have to look at the code and make that judgment." ®

Update: This story has been updated to better explain the GNU C library.

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.