back to article Bruce Perens wants to anti-SLAPP Grsecurity's Brad Spengler with $670,000 in legal bills

Having defeated a defamation claim for speculating that using Grsecurity's Linux kernel hardening code may expose you to legal risk under the terms of the GPLv2 license, Bruce Perens is back in court. This time, he's demanding Bradley Spengler – who runs Open Source Security Inc and develops Grsecurity – foots his hefty legal …

  1. DryBones
    Pint

    Popcorn!

    Need popcorn icon...

  2. Schultz

    Mixed reality

    He jumped down the hole and now the rabbit has to dance. That's what happens when you discover the magic land where an hour's harvest feeds the family for a year. Just don't tell the queen for thou shalt be judged.

    Manfrommars, can you proofread that for me?

  3. EveryTime

    From personal experience, I consider OMM a deeply unethical law firm. I'm sure that bill was padded front, back and middle. And the 'success fee'... that's over the top.

    OTOH, I don't mind seeing GRSecurity paying for their SLAPP. Even if Bruce doesn't end up paying the legal bills, it still cost him lots of time, and no doubt a huge amount of stress.

    1. streaky

      One man's unethical is another man's successful. Not for nothing but people are dumb when faced with legal threats, jump the shark and take the cheapest option rather than playing it smart and going nuclear, scorched earth policy. If you win and win hard and the other guy pays the fees who cares what it costs - in fact, the more the better. You might consider that unethical, I call it a smart play - for no other reason than as a deterrent.

      1. Lee D Silver badge

        The IBM vs SCO tactic.

        Don't just win. Invalidate their patents. Bankrupt the company. Destroy all their claims. Get their copyrights invalidated. Chase the lawyers.

        Sure, it cost IBM 10 times as much as it could have, but you can be sure that nobody else is going to try that tactic (though SCO are still going, somehow... but at this point there's nothing left and everything they do is costing the lawyers money because of their earlier fixed-price deal).

        1. asdf

          Well IBM can't mess around when it comes to litigation as that is a big part of what little is left of the shell of their former self. They have to go scorched earth as not defending their patents would be suicide.

    2. James Anderson

      The fees are high because there is a very real possibility that they will not be paid. If the initial case went badly or they lose the anti-SLAP then they wil get nothing. The will not stiff Bruce with the bill.

      As for the nearly 900 hours - well that's how much work you need for due diligence, filing motions, etc. To prepare a successful case in the USA.

      The law is for rich people, the poor get regulations, fines and jail.

  4. Anonymous Coward
    Anonymous Coward

    Perhaps Grsecurity can recover the $670k from it's incompentence insurance

  5. Throatwarbler Mangrove Silver badge

    You mess with the GNU ...

    ... you get the horns.

    1. Anonymous Coward
      Anonymous Coward

      Re: You mess with the GNU ...

      Well, no it's not the horns, it's something else entirely. Someone somewhere has decided to use the preponderance of public opinion and a bunch of expensive lawyers to ruin someone else's life, rather than actually sue the guy for breaching GPL2 (use the "horns" as originally envisaged by the original authors of GPL2). This is a pretty nasty and vindictive way of going after someone.

      Plus it is doubtful that what GR is doing is actually breaking GPL2. It's certainly breaking what most people think an OSS license says, but then most people haven't actually read GPL2. I strongly fear that if it actually got tested in court, GR's way of operating would be found to be compliant with the license. This would render the GPL2 to be pretty useless for the purpose that the authors (and Linus Torvalds) intended. And rather than fix the license, someone somewhere has decided to use some other means.

      This is dangerous because it means that social pressures, public opinion, and veiled threats look to be becoming the way in which GPL2 is "enforced" (when it's enforceability is doubtful), rather than objective decision making by courts. The danger is that the social pressures, public opinion and veiled threats can and will be used for malicious intent. Possibly this is the first such example.

      We Need To Re-License Linux

      Furthermore it is avoiding doing the thing that actually needs doing; getting Linux on to a license that actually reflects what the vast majority of the Linux kernel community want. The longer this s not done, the worse the situation will get. The current license is woefully inadequate.

      I've no idea how that's going to happen. The very nature of GPL2 makes it almost impossible to fix flaws in GPL2. But something must happen.

      1. Anonymous Coward
        Anonymous Coward

        Re: You mess with the GNU ...

        "Someone somewhere has decided to use the preponderance of public opinion and a bunch of expensive lawyers to ruin someone else's life"

        GR were the ones who decided to sue, not Perens. It was self inflicted.

        As for re-licensing the GPL v2. Most people using Linux dont seem to have an issue with it.

      2. Lee D Silver badge

        Re: You mess with the GNU ...

        The licence clearly says:

        "You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

        If he's considered to be "sublicencing" the kernel GPLv2 code that he based his work on (by charging a subscription for a GPLv2-based work and cutting people's subscription to that if they exercise their given rights under the GPLv2 granted to them by the Linux kernel licence AND his modifications that must be GPLv2 too), or distributing it under some other scheme, then he's in breach of the licence.

        It would be up to a court of law, but it's quite clear that he'd lose. You can sell it. You can't stop people who buy it from giving the source code away. And by imposing an outside restriction on a future subscription service based on you NOT being able to legally exercise the rights under GPLv2, then you are clearly modifying a contract with an external factor... which could be considered sublicencing by imposing foreign clauses not written in the GPLv2.

        He wouldn't win.

        P.S. you can't relicence the kernel. Hundreds of former contributors are dead and you'd need to trace every line of code they ever wrote and replace it with similar code under the proper licence. Additionally, there is absolutely no desire within the core kernel community to do so, there's a reason that "V2-only" was specifically chosen, they could have just used v2 which would allow a free "upgrade" to V3 at any point, but they specifically and categorically chose not to.

        Plus, there's no need to. Nobody has ever proven a GPL weakness in any court in the world, and places like Microsoft, Google, IBM, etc. run in fear of the damn licence if they might be found to be on the wrong side of it. That tells you all you need to know.

        1. Anonymous Coward
          Anonymous Coward

          Re: You mess with the GNU ...

          It would be up to a court of law, but it's quite clear that he'd lose. You can sell it. You can't stop people who buy it from giving the source code away. And by imposing an outside restriction on a future subscription service based on you NOT being able to legally exercise the rights under GPLv2, then you are clearly modifying a contract with an external factor... which could be considered sublicencing by imposing foreign clauses not written in the GPLv2.

          And yet if GR had said nothing at all whatsoever about not supplying future versions, but otherwise did exactly what they're doing now, we'd all be agreeing that they were within their rights.

          Look at it this way. I downloaded the source code. I've made changes, and given them to my mate Bill. I've now made more changes, but I don't want to give those to Bill. Bill is asking for them, wondering why I've now spurned him, but I'm not going to give them to him and I'm keeping my reasons to myself (basically, I think Bill is a plonker, and I don't want to hurt his feelings). Instead I've given these new changes to Alice. Where's the GPL2 breach in that?

          He wouldn't win.

          He might win, and that's the whole point. The matter is unsettled, and by cocking about dropping "opinions" in public posts, skirting round the issue, the matter remains unsettled, neigh, risks being settled in a manner contrary to the wishes of the majority of the kernel community.

          If it was a clear and blatant breach of GPL2, some one (e.g. the EFF) should have sued by now. They haven't. I think it's reasonable to conclude that there is a strong air of doubt on the issue.

          Plus, there's no need to. Nobody has ever proven a GPL weakness in any court in the world, and places like Microsoft, Google, IBM, etc. run in fear of the damn licence if they might be found to be on the wrong side of it. That tells you all you need to know.

          Nor AFAIK has anyone proven a GPL2 strength in any court in the world. It's come close, but all the cases I've heard of have been stupid blatant breaches, settled before reaching court.

          1. Number6

            Re: You mess with the GNU ...

            Look at it this way. I downloaded the source code. I've made changes, and given them to my mate Bill. I've now made more changes, but I don't want to give those to Bill. Bill is asking for them, wondering why I've now spurned him, but I'm not going to give them to him and I'm keeping my reasons to myself (basically, I think Bill is a plonker, and I don't want to hurt his feelings). Instead I've given these new changes to Alice. Where's the GPL2 breach in that?

            If you've given Bill the binaries then he's entitled to the source required to build those binaries. GPL2 does not require you to give him updates to what he's already got. If you gave the updated source and binaries to Alice then she is within her rights to give the binaries to Bill, and if he asks, the source code too. Yes there was a high degree of daftness in putting stuff in writing.

      3. oldcoder

        Re: You mess with the GNU ...

        Linux will never be relicenced as the GPL does meet the desires of the majority of the developers.

        In addition, a number of the developers have died - and you will not get their permission either.

        That GPLv2 license prevents companies from misappropriation of the code. Which has happened with BSD and MIT licenses.

        The end result is that you don't like Perens opinion.

        So somebody sued him for expressing his opinion. The only result of that is a loss.

        It also makes one think that opinion may in fact be true. Now GRSecurity may actually have a problem...

        Bruce Perens doesn't have grounds for suing directly - unless he has some code in the kernel that he believes is being misappropriated.

        I don't believe he does, it is just his opinion, and he can always give his opinion - Free speech and all.

  6. Lee D Silver badge

    Couldn't happen to a nicer company.

    And if I remember, there was a psuedo-statement from Bruce/his lawyers that if GRSec stopped doing what they're doing, they wouldn't bother to chase the anti-SLAPP stuff and would just let it go. Specifically dropping the libel claims, not even having to actually fix the stupid licence/contract conflict.

  7. Toby Poynder

    No sympathy for GRSec

    He Who Goes to Law Takes a Wolf by the Ears

    1. Brewster's Angle Grinder Silver badge

      Re: No sympathy for GRSec

      And a pig by the bum.

  8. BinkyTheMagicPaperclip Silver badge

    Oh dear how sad, what's for lunch?

    The dual facts that they took Perens to court for expressing an opinion, and tried to get three million dollars out of him tend to remove any sympathy.

  9. Jon 37

    Standard legal fees for suing someone in the US are around a third of what you win, on a no-win-no-fee basis. So he sued for 3 million, he would have paid his lawyers a million if he’d won. So two thirds of a million to the other side’s lawyers is comparable.

    Of course, all three figures are ludicrous, but the plaintiff started that by suing for 3 million.

    And lawyers have a high list price to allow for the risk of not getting paid - both people who don’t pay and reductions made by the court, which is quite likely to happen in this case.

  10. CaitlinBestler

    But your honor they couldn't possibly have spent that much!

    After all, consider the idiots who were suing them.

  11. Bruce Perens

    Official Statement from Bruce Perens

    My own statement is on my web site perens.com at this URL: https://perens.com/2018/02/08/bruce-perens-seeks-mandatory-award-of-legal-fees-for-his-defense-in-open-source-security-inc-and-bradley-spengler-v-bruce-perens/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like