Open Source Project Liable For 3rd Party DRM-Busting Coding

[silicon_toad2000]

http://torrentfreak.com/court-open-source-project-liable-for-3rd-party-drm-busting-coding-131205/

Back in June the software became embroiled in court proceedings over a specific feature present in an unofficial beta of JDownloader2 which enabled the downloading of RTMPE video streams on top of existing RTMP. It wasn’t created by AppWork themselves but was a contribution from an open source developer who had worked on the project before.

Since the plug-in handled encrypted streams the Hamburg Regional Court decided that this represented a circumvention of an “effective technological measure” under Section 95a of Germany’s Copyright Act. As a result the Court issued a preliminary injunction against JDownloader2 and threatened its makers, Appwork, with a 250,000 euro fine for “production, distribution and possession” of an ‘illegal’ piece of software.

Appwork found out about the functionality of the plug-in months before the court case and had already disabled it, but the judgment had the potential to have a chilling effect on open source development.

“Are developers really liable if another developer in the community commits code that might be protected somewhere in a software patent? How are Open Source communities supposed to check? What if a program that is included in another Open Source program makes an update that adds illegal functionality?” the company told TorrentFreak at the time.

To find out, Appwork filed an appeal and this week the project received the decision of the court. It was bad news not only for the company but also the open source community in general.

“In the eyes of the judges, our company ‘made the open source contributions our own’ mostly by having a copyright sign in the info dialogue,” Appworks’ Alex informs TorrentFreak.

“Therefore we are liable and must actively screen every code contribution and/or have protective mechanisms in place against someone committing something that might be illegal.”

Alex says that the decision is “worrisome” for the open source community and has the potential to deter people from getting involved in such projects when they discover they must take responsibility for the work of others.

“It doesn’t matter if the project owner did not do anything (i.e. write any line of code) or even if the project owner knows about anything illegal being committed,” Alex says.

“In our case, even when we didn’t even know about the functionality, which was part of an open source binary one of our open source developers used (rtmpdump), we were held liable anyway. Not from the moment on that we got notified about it, but even before,” he explains.

“This means that if any company or individual wants to use an open (or closed) source binary (commercial or not), they are liable for it if it contains any illegal functions. This practically means they are obligated to check every single line of code, which is almost impossible for smaller projects.”

[GhostShip]

Some parts of this reasoning are legally unsound, yes the developing organisation is responsible for its own code but its a far stretch of legislation to claim that the primary developers are in any way shape or form  responsible for the activities of unknown others , this flies against common sense and natural justice, taken to extremes it would make a baton manufacturer responsible for the activities of a policeman abusing a suspect with one of their products, its a poor judgement and should be appealed.

This ruling confuses primary liability with third party liability and in most european courts such actions fail due to the weight of legal proof required to show appropriate or even inappropriate levels of culpability  for those third parties.

The only possible reason for a court to find against the developer is if it can be shown that they either encouraged or allowed (with knowledge of such activity) a third party to create additional functionality that broke some law or other in such a case its a simple judgement. Whats not clear in the article is the question of who's name was on the src when it was shown to the court as the article states it was the primary developer and this might have mislead the judges to assign liability for any code that breached someones rights, if it was pointed out to the judges that the third party had not modified the original copyright notice and thus was in a separate breach of the the terms of possibly a GPL licence also, this might have had some sway with the courts.

[silicon_toad2000]

yeah it is a bit weird, like holding ford responsible everytime someone is injured in a road accident

better still we should hold the banks responsible every time someone defaults on a debt as they create the money supply