A court in Germany confirmed this week that Appwork, the company that coordinates development of the open source downloading app JDownloader, could be held legally responsible for any and all contributions made by outside developers - even if they didn't know about it.
JDownloader is one of the more popular multi-purpose downloading apps on the web today, and it is capable of for example downloading video files from Youtube or files from file-hosting sites like RapidShare.
Like calibre, JDownloader is an open source app which draws contributions from outside developers, all of which still control the copyright over their work even though they license their code to be used freely by others.
This current situation grew out of a June 2013 ruling which found that Appwork was liable for a feature which had been coded and contributed by an outside developer. This feature, which was only available briefly in some of the beta releases for JDownloader, let users download DRMed RTMPE video streams and automatically strip the DRM.
The Hamburg Regional Court found in June that this violated the anti-circumvention clause of Germany’s Copyright Act and issued a preliminary injunction banning any version of JDownloader that contain the DRM-stripping feature.
None of this is unreasonable, but I can't say the same about what happened next. The court then decided that Appwork was responsible for the violation, and not the open source developer who had actually written the code (and who still owned the copyright). Appwork was threatened with a 250,000 euro fine for “production, distribution and possession” of an ‘illegal’ piece of software.
Appwork had already removed the offending code from the beta release and had never officially released a version of JDownloader with the DRM-stripping feature, so the court ruling had little practical effect. But it still had a chilling effect on Appwork, which is why the company decided in June that they were going to fight the ruling.
Today I am dismayed to report that Appwork lost that fight (the first round, anyway). As Appworks' told TorrentFreak, "In the eyes of the judges, our company ‘made the open source contributions our own’ mostly by having a copyright sign in the info dialogue. Therefore we are liable and must actively screen every code contribution and/or have protective mechanisms in place against someone committing something that might be illegal."
In confirming this ruling the Hamburg Regional Court has decided to apply a legal principle of secondary liability, which in short means that they're blaming Appworks for the actions of another. That's not a strong legal argument - not in the US, at least, but Europe is a separate case.
Courts in the US have generally been inclined to assume that principle of secondary liability is invalid (Sony v Universal, 1984), and in fact protection from secondary liability has been codified into US copyright law. It's known colloquially as the Safe Harbor rule under the DMCA, and it is part of the reason why Viacom losing copyright infringement cases against Youtube.
But there have been times where lawyers have successfully argued that secondary liability applies. For example, most of the anti-piracy cases against file-hosting sites and music sharing sites hinge upon finding reasons why the service being sued made themselves liable for the actions of their users. Grokster, for example, lost the court battle against MGM in part because of how they promoted their file-sharing service and how it was discussed inside the company.
Bringing this back to Appworks, the German court decided that Appworks was liable simply because if a copyright symbol on the about page. That seems a tenuous claim at best, but it was enough for this court.
This ruling is going to have a chilling effect on open source software projects in Germany and the rest of Europe.
As the Appworks spokesperson put it, "It doesn’t matter if the project owner did not do anything (i.e. write any line of code) or even if the project owner knows about anything illegal being committed," they are still liable. As a result of this one ruling anyone who maintains an open source project is going to have to screen all contributions from outside developers out of fear of a lawsuit.
Fortunately for users of calibre the primary developer, Kovid Goyal, is not based in Europe; he lives in India and as such is outside the reach of all but the most ridiculously overreaching European courts. On the other hand, India has their own version of the DMCA, and it includes criminal penalties for DRM circumvention. Indian copyright law was amended in 2012, and this was one of the additions.
Calibre supports the use of third party plug-ins, including a particular plug-in that can be used to strip DRM from ebooks. Kovid did not develop that plug-in nor does he promote or distribute it, but that doesn't mean that some ambitious prosecutor won't decide to make a name for itself by going after Kovid.
Okay, I will admit that this is a stretch. But it is not impossible - not if you recall what happened when DeCSS, the DVD decoding tool, was released in 1999.
This was the first tool that let users strip the DRM from a DVD so it could be loaded onto a hard disk, which naturally did not please the MPAA. One of the developers of DeCSS, Jon Lech Johansen, was prosecuted in Norway at the instigation of US industry interests. He was eventually acquitted after being tried twice, but it took 3 years before he could clear his name.
I don't want to see that happen to Kovid Goyal, do you?
Heck, i don't want that happening to anyone.