Jusletter IT

TiVoization for Self-Driving Cars

  • Author: Daniel Ronzani
  • Category of articles: TechLawNews by Ronzani Schlauri Attorneys
  • Region: Switzerland
  • Field of law: IT-Law, Applications, Big Data, Open Data & Open Government
  • Citation: Daniel Ronzani, TiVoization for Self-Driving Cars, in: Jusletter IT 23 May 2019

Table of contents

  • 1. The Term
  • 2. GPL-2.0
  • 3. GPL-3.0
  • 4. Self-Driving Cars

1.

The Term ^

[1]

«TiVi» as in television? No, but close. It’s «TiVo». The term is «TiVoization».

[2]

TiVo Corporation is an American company.1 It sells hard- and software products as well as services for enhancing its customers' on-demand entertainment experience. TiVo Inc. embeds a GNU GPL software on its digital video recorders (DVR). As required by GPL TiVo Inc. provides the source code embedded in the device. This source code can be altered by its customers. However, TiVo Inc. prevents its customers from uploading any upgrades or other modifications made to the source code back onto the DVR because the signature key unique to that version of the executable (i.e., compiled version) does not match the signature burned into a semiconductor chip in the DVR.2

[3]

Based on this practice by TiVo Inc. the term «TiVoization» means that devices (also referred to as «Proprietary Tyrants»3) incorporate software under the terms of open source software with a copyleft effect (i.e. GPL-3.0) but use hardware restrictions to prevent users from running modified versions of the software on that hardware, either entirely or with function restrictions: 4

«Some companies have created various different kinds of devices that run GPLed software, and then rigged the hardware so that they can change the software that’s running, but you cannot. If a device can run arbitrary software, it’s a general-purpose computer, and its owner should control what it does. When a device thwarts you from doing that, we call that tivoization.»
[4]

The use of open source software (OSS) in embedded systems is of significant relevance for manufacturers of automobiles, medical devices and security sensible systems.5 The reasons to use OSS and then TiVoize are manifold, for instance, (i) cost reduction, (ii) easier customization and servicing, (iii) system robustness, (iv) increased safety and security, (v) OSS marketing/publicity purposes, or (vi) digital rights management (DRM).6

2.

GPL-2.0 ^

[5]

GPL-2.07 does not stipulate special rules regarding the implementation of technical protection measures in embedded systems. It does, however, require the software be distributed with any associated interface definition files, plus the scripts used to control compilation and installation of the executable (s. 3 (2)).

[6]

It is debatable whether s. 3 (2) GPL-2.0 is a TiVoization restriction. Linus Torvalds, for instance, stated in 2006 «I think it’s insane to require people to make their private signing keys available, for example. I wouldn’t do it.»8 Obviously he does not interpret GPL-2.0 as including any anti-TiVoization rules.

[7]

Other OSS developers have also advocated in favour of TiVoization:9 (1) GPL is a software license and thus it should not affect hardware; (2) not allowing TiVoization restricts the freedom of product developers; (3) anti-TiVoization clauses induce developers to use proprietary software rather than free software; (4) restricting TiVoization could conflict with legal obligations for vendors of software in products such as electronic medical equipment, aircraft control systems, and voting machines.

[8]

Even the Free Software Foundation concluded that «GPLv2 did not address the use of technical measures to take back the rights that the GPL granted, because such measures did not exist in 1991, and would have been irrelevant to the forms in which software was then delivered to users. But GPLv3 must address these issues […].»10

[9]

However, it has also been argued that in 1991, when GPL-2.0 was published, TiVoization was not purposely omitted (because unknown then), which is why the contractual gap must, in the spirit of the OSS license, be closed in favour of strengthening the users' freedoms. However, DRM systems should remain permissible also under GPL software, provided the user receives, at least in a «written offer», the technical tools to upload the amended software back onto the device. In any case, technical measures, such as bootloaders, that prevent modified GPL software from starting, should remain permissible.11

[10]

Notwithstanding the foregoing, the fact that the subsequent version of GPL, GPL-3.012, includes explicit wording regarding the waiver of prohibiting circumvention can underscore the legal argument that there was indeed a TiVoization gap in GPL-2.0, which was subsequently closed in GPL-3.0.

3.

GPL-3.0 ^

[11]

According to s. 3 (2) GPL-3.0, anyone conveying software waives any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under the GPL-3.0 license with respect to such software. Furthermore, this section includes a disclaimer regarding any intention to limit operation or modification of the software by enforcing legal rights to forbid circumvention of technological measures.

[12]

GPL-3.0 foresees a couple of relevant rules for TiVoization: First, s. 6 (5) stipulates that if one conveys software in object code for use in a user product the corresponding source code must be accompanied by the installation information. Second, user product13 means any tangible personal property which is normally used for personal, family, or household purposes, or anything designed or sold for incorporation into a dwelling (s. 6 (3)). Third, installation information means for a user product any methods, procedures, authorization keys or other information required to install and execute modified versions of the software in that user product (s. 6 (4)). Lastly, the anti-TiVoization rules (for user products) of GPL-3.0 do not apply if the upload of the modified software to the user product would materially and adversely affect the operation of a network or violate rules and protocols for communication of the network (s. 6 (6)).

[13]

Ultimately, this means that the anti-TiVoization rules of GPL-3.0 do not apply (i) to non-consumer products, i.e. in B-2-B dealings; and (ii) if the device, on which the modified software is supposed to be uploaded, is part of a network, e.g. telecom or security.

4.

Self-Driving Cars ^

[14]

What does this have to do with self-driving cars? In the past years, the car industry has increasingly used free and open software for user services such as navigation and entertainment systems. However, the car industry has been against using open licenses released under GPL-3.0 due to the anti-TiVoization rules.14

[15]

Since car owners have modified or replaced parts on their vehicles for many years, Von Haller15 questions whether security issues are the true reasons why car manufacturers are not using GPL-3.0. He also states that s. 7 GPL-3.0 allows for additional terms, under which TiVoization can be excluded.

[16]

It is true that cars have and are being modified by their owners. However, these modifications remain within the car and most likely also need to be approved by the competent road traffic licensing department. What about software updates? Self-driving vehicles are likely to be linked to the servers of the manufacturer, e.g. as is the case with the Tesla fleet. So security issues do seem justifiable, probably also in case of an individual approval by the competent road traffic licensing department because modified software in a self-driving car might affect more than just the security of that car, it might affect the entire fleet (e.g. malware).

[17]

As regards the additional license terms in s. 7 GPL-3.0, paragraph 2 stipulates that when one conveys a copy of the software, one may remove any additional permissions from that copy. This means there is no copyleft effect for the additional license terms.

[18]

Unless overruled by a court decision, TiVoization under GPL-2.0 seem permissible. If a car manufacturer of self-driving cars used OSS under GPL-3.0 in a B-2-B deal, anti-TiVoization is irrelevant (no user product). In a B-2-C deal I would argue that TiVoization is permitted because any modified software uploaded to the vehicle might adversely affect the operation of the network and thus endanger other car owners and possibly the entire fleet.

Daniel Ronzani

  1. 1 www.tivo.com.
  2. 2 The Linux Information Project, An Introduction to TiVoization, 8 January 2007, tinyurl.com/7b9d2qm.
  3. 3 Free Software Foundation Inc., Proprietary Tyrants, 2014-2019, tinyurl.com/y45yj543; with examples.
  4. 4 Brett Smith, A Quick Guide to GPLv3, Free Software Foundation Inc., 2007, tinyurl.com/hq546ru; see also: Free Software Foundation Inc, GNU Operating System, Frequently Asked Questions about the GNU Licenses, tinyurl.com/o3p5lks.
  5. 5 Till Jaeger / Alex Metzger, Open Source Software, Rechtliche Rahmenbedingungen der Freien Software, 4. Auflage, 2016, RZ 36a.
  6. 6 The Linux Information Project, An Introduction to TiVoization, 8 January 2007, tinyurl.com/7b9d2qm.
  7. 7 opensource.org/licenses/GPL-2.0; released 1991.
  8. 8 Post by Linus Torvalds on 25 January 2006, 17:39:16 re: GPL V3 and Linux – Dead Copyright Holders, tinyurl.com/y2osu4ju.
  9. 9 The Linux Information Project, An Introduction to TiVoization, 8 January 2007, tinyurl.com/7b9d2qm.
  10. 10 John Sullivan, Free Software Foundation, Opinion on Digital Restrictions Management, 3 August 2006, tinyurl.com/88wm8vd.
  11. 11 Till Jaeger / Alex Metzger, Open Source Software, Rechtliche Rahmenbedingungen der Freien Software, 4. Auflage, 2016, RZ 36a.
  12. 12 opensource.org/licenses/GPL-3.0; released 2007.
  13. 13 It means «consumer product» as defined in 15 U.S. Code § 2301.
  14. 14 Martin von Haller, Self-driving cars and open source – what about GPLv3 and anti-tivoization?, 27 June 2016, tinyurl.com/y6lvtluv.
  15. 15 Ibid.