I’ve been investigating Telstra’s T-Hub “home phone of the future”. The T-Hub is built with open source software, but Telstra do not seem to be honouring any of their legal copyright or licensing obligations.

Update 3: “Telstra frees T-Hub open source code”

Update 2, 9 Feb: Telstra have posted information about how to request T-Hub source code. I will post more details when my disc gets here.

Update 1: A response to Telstra’s PR statement about T-Hub & T-Box.

(For the non-Aussies: Telstra is Australia’s largest telecommunications company, and is part government owned.)

My T-Hub booting. The screen looks odd because the protective film is still on it.

Short Version

I investigated the T-Hub and found it is built on a variety of open source software, including GPL licensed software like Linux and busybox. However, Telstra are not mentioning this anywhere and are not distributing source code, or notices to obtain source code.

By doing this, Telstra are violating the licenses and also robbing the authors of their rightful attribution. They appear to be regarding open source as a free-for-all that they can exploit without giving back even the small amount required legally by the various license terms.

However, I believe that Telstra can easily take steps to comply with these licenses.

Telstra have a range of other Linux-based products, including the T-Box and a soon-to-be-released “T-Tab” Android tablet. To the best of my knowledge the T-Box is not GPL compliant either, which gives me little hope for the upcoming T-Tab.

What is a T-Hub?

T-Hub is Telstra’s “home phone of the future”. It’s essentially a tablet-like device (think Chumby with less functionality) loosely integrated with a cordless land-line telephone. The OEM product is from Sagem, although as far as I know Telstra is the only vendor world-wide.

GPL Software

The GNU General Public License is an open source “copyleft” license. Vendors are encouraged to freely distribute products built with GPL software, provided that they acknowledge the license and also provide access to the source code (modified or not) for the GPL licensed or derived portions.

A while ago I learned that the T-Hub runs Linux, which is subject to GPL.

Attempting to make contact

For over two weeks I’ve been attempting to find someone at Telstra to talk to about this. Despite best efforts (phone calls, emails), I have been unable to contact anyone with the slightest idea what I am talking about, or with the ability (it would seem) to actually find someone who knows what I am talking about.

Best quote so far, when I was transferred to tech support: “Look mate, noone calls up Microsoft and asks for their source code…” Um, sure.

Finding out myself

Frustrated, I bought an “as-new” T-Hub on ebay. First, I scoured the documentation for any mention of the software license(s):

  • Manual (downloaded online.) No.
  • Quick Start guide (in box.) No.
  • Box itself. No.
  • Inside device itself, when it first boots. No.

Next, I found the URL where the device downloads its firmware. The current firmware can be downloaded directly here. The file is a JFFS2 filesystem image, which can be mounted via mtdram as described here (EDIT: you can skip the jffs2dump step if you’re on a little-endian machine like a PC.)

By browsing the filesystem of the device, I can see a range of GPL or LGPL licensed software contained within. Here is a (possibly incomplete) list. The following components are GPLv2 licensed:

  • Linux kernel v2.6.19.2
  • Busybox v1.1.3
  • GNU Fdisk v2.12

The device appears to be built around a Freescale i.MX31 SoC, which means that it probably also contains a GPL licensed bootloader (u-boot or RedBoot.) I haven’t taken any steps to verify the bootloader, though.

There are also LGPL licensed libraries:

  • GNU C Library
  • gstreamer v0.10
  • Pango
  • Libusb v0.1.4

The following included open source software is not GPL licensed but has a license that requires acknowledgement that it is included in the product. These notices do not appear to be included, either.

  • libcurl
  • OpenSSL (libcrypto)
  • Dropbear
  • ImageMagick v6.5.3-7

What should Telstra do?

GPL compliance is not that hard. GPL-Violations provides an excellent (and simple) vendor FAQ explaining a vendor’s obligations under GPL.

Telstra should review their use of open source in all their products, and amend their ways so they are legally compliant.

For the T-Hub, this includes adding GPL and other license and copyright notices to the product documentation, adding offers for source (or actual source code) for the GPL licensed components, and also making sure that “the tools required to compile and install the GPL licensed components” are made available.

Aside from the time this will take, I don’t see how GPL compliance could negatively impact the T-Hub product in any way. In fact, it may even provide a new market by allowing intrepid users to load different software onto the T-Hub. Of course, this is beside the point – the license terms are clear, and by choosing to use these software products Telstra must commit to honouring their license agreements.

Frequent Responses

There are a few kneejerk responses that always seem to appear in these cases, so I’m going to address them in advance:

“The source code wasn’t modified, so there was no need to comply…”

This is a misconception about GPL. The source code doesn’t need to be modified as a prerequisite for compliance.

However, the vendor doesn’t always need to distribute the source themselves. Under GPLv2 clause 3(c), they can simply redistribute an “offer to distribute corresponding source code” that they themselves received from a third party along with the binary code, provided that the vendor did not modify the source themselves.

EDIT 8/11: Glen points out in the comments that clause 3c only applies to non-commercial distribution, so it seems Telstra can’t copy someone else’s notice – they’d need to provide their own offer for source (3b) or put the source code in the box somehow (3a).

“Sagem made the device, not Telstra. They are responsible for compliance.”

It is true that Sagem made the device. However, Telstra are the legal entity who are distributing (ie selling) it. The customer’s relationship is with Telstra, not Sagem. Whatever private arrangement exists between Telstra & Sagem is not our business.

Of course, in practice, it is Sagem who will probably be responsible for providing source code and documentation in order to allow Telstra to comply. At the moment I think there are two possibilities: one is that Sagem provided enough information to ensure their compliance, and Telstra ignored that information. The second is that Sagem did not provide enough information, and are themselves in violation of the license. However, as I said before, this is Telstra’s business with Sagem, not my business or the business of any of Telstra’s customers.

“This is why I don’t trust GPL… blah blah… open source zealots… blah blah…”

This one always baffles me. Via GPL/LGPL a company can get access to a complete world-class operating system with libraries for almost any conceivable use. They get this at no monetary cost, without needing to negotiate any license agreements or pay a cent to anyone. Better yet, all of the software comes under a single license so the legal department only needs to read and understand one or two documents. The company is then welcome, even encouraged, to build end-user software on top of this OS & libraries, bundle it all into their products and sell it at a profit.

The only thing a company is asked to do is acknowledge the open source components, and make source available. That’s the sole cost to a vendor like Telstra, for an entire software ecosystem. I believe the GPL can make no claim on any of Telstra’s original contributions to the T-Hub, such as the custom HTML UI, which are not derivative works of any open source software. None of that source needs to be released, unless Telstra wants to release it. There’s no risk that Telstra will somehow lose any competitive advantage they have in this product, via open source.

Yet it seems to be all too hard. Why is that?

Alternatives to T-Hub

If you want to buy something like a T-Hub (“kitchenputer”), but want a product that respects copyright law, then I recommend checking out Chumby for starters. Chumby Industries are a terrific company when it comes to open source. Internode sell chumbys in Australia (no Chumby One yet, though. :(.)

What am I doing next?

I’m going to notify as many rights-holders as I can find for the software mentioned above, and encourage them to formally contact Telstra.

I’m not sure what I’m going to do personally with my ebay T-Hub. I’m not a Telstra customer, so it’s more or less useless in its current form. So far I haven’t found any way to load custom firmware, without spoofing Telstra’s update web server (although I haven’t taken mine apart to look for a serial console.)

I thought it might make a good Android tablet, but it has a resistive touch screen and it also probably doesn’t have enough physical buttons for a good Android user experience. Plus for the same money I could buy a OMAP3-based Android tablet with a Cortex A8 in it (newer than the ARM11 CPU in the T-Hub.)

So… it’s probably going back on ebay. Unless anyone wants to buy a nearly-new T-Hub? I can’t guarantee the sale will comply with any licenses, though. :D.

28 thoughts on “Telstra violating GPL in their T-Hub product

  1. The party A (OEM) sells to party B (retailer) sells to party C (consumer) is an interesting issue.

    Typically we see the OEM directly provide source, eg I have a Samsung phone and they operate http://opensource.samsung.com/ as a repository for all their products.

    I didnt buy my phone directly from Samsung though; and my retailer does not provide the source code that Samsung provide. Is my retailer technically violating the GPL?

  2. Nathan – My understanding is that as long as they ship the device with the correct notices attached, they don’t necessarily have to give you any source.

    I believe on Android that information is usually available on the device itself, under “About>Legal Info”, as well as in the documentation. As long as something somewhere says (in essence) “Contains GPL licensed software X copyright Y. Source code available from Z”, then I believe it’s compliant.

    I think technically, though, if that information was somehow not available then you need to ask for it from your retailer, who will then go up the chain to Samsung.

    Whether you’d complain to your retailer even though you knew Samsung had released source is probably a matter of how pedantic you are, though. :)

    EDIT: One thing worth noting is that OEMs like Samsung aren’t obliged to run portals like opensource.samsung.com. They could instead choose to provide all of the source code only privately to their vendors, making the OEM compliant under GPLv2 clause 3(a) not 3(b). That then makes the vendors responsible for ensuring compliance. That’s the pattern we see with a lot of the Android Tablet SoCs.

    It’s really Samsung (and the like) being good friendly open source citizens that cause them to run portals like opensource.samsung.com, and thereby somewhat reduce the obligations on vendors.

  3. “However, the vendor doesn’t always need to distribute the source themselves. Under GPLv2 clause 3(c), they can simply redistribute an “offer to distribute corresponding source code” that they themselves received from a third party along with the binary code, provided that the vendor did not modify the source themselves.”

    Section C states “This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.”

    Would Section C be applicable in this case?

  4. Glen – I guess you’re probably right, given they sell the product. I guess that’s why I’m a programmer, not a lawyer! :P

    In that case, I suppose they are probably obliged to put the source in the box (3a) or distribute an offer for the source themselves (3b).

  5. As it seems you are already aware, you need to contact the actual copyright holders of these works and get them interested in pursuing it further. The easiest would be BusyBox who have sued *many* embedded device manufacturers already.

  6. Well… If your analysis is correct (which sounds plausible), then you cannot put it back on ebay: if you were to sell it, then it puts you in a bad position in two ways:

    * You too would guilty of copyright infringement – just like Telstra. And since you’re asking Telstra to comply with the license, not doing so yourself is hypocritical. (sorry for sounding harsh…)

    * If you do not have the device, then you probably have less leverage with Telstra: It just makes you an “interested party” – not somebody who is entitled to the source code.

    You are better off keeping the device…

  7. There are two interesting comments that I’ve seen on this one:

    a) While your recent correction above is right in that Telstra have to (but see next point) offer the source, they could offer the source by contracting Sagem to host the servers and pointing to Sagem’s servers. The end result would be very similar to the non-commercial section c, but keeps Telstra legally in the loop.

    b) One interesting argument I’ve heard likens Telstra to a book seller rather than a publisher. If a publisher were to do an unlicensed print run of a book and then sell those books to Dymocks, I don’t think Dymocks could be held liable for the ones they’d unwittingly sold – it would be the publisher’s responsibility. However, once informed of the issue, Dymocks would probably have to stop selling the books until they were licensed correctly. I’m not a lawyer though, so this might be incorrect. :)

  8. Will,

    Thanks for posting, they are both very insightful points.

    In terms of (a), I think you’re correct that Telstra would be fine to contract all those services to Sagem (or, actually, Sagemcom – apparently the two companies are different.) Even if there is some ambiguity in the license, I’d be surprised if any of the rightsholders would mind, provided everything else held together.

    In terms of (b), I think the book seller / publisher analogy may not quite work either intuitively or legally in this case.

    Intuitively, it’s not quite the same because Telstra commissioned the T-Hub, wrote all the documentation and marketing material, and it’s their brand on the device and the box. From the end customer’s point of view, Sagemcom is just a name on the bottom of the device if you turn it over and look there.

    The analogy works better for things like Telstra selling HTC’s Android phones, where the phone is marketed as being from HTC, comes in an HTC box, and support is at least partially provided by HTC. Of course, this particular example is muddied a bit because Telstra apparently ship their own superficial branding on HTC’s phones, but they don’t call it a “T-Desire HD” so I’m going to conveniently ignore that for now. ;)

    Legally rather than intuitively, the publisher argument seems to rely on Australian copyright law’s “exhaustion of rights” concept, which is similar to “first sale doctrine” in the US. I don’t really know enough to comment, although it seems like the GPL includes clauses that aim to override both of these and the actual end legal effect in a particular jurisdiction may not be clear. It presumably also depends on the exact relationship between Sagemcom and Telstra, which is not clear either.

    Thankfully, these arguments seem to be academic at this point because Telstra has come forward and said they will sort it all out.

  9. Karl, you’re probably right about me ebaying it. Legally, I might be OK under “exhaustion of rights” (see above) but I also might not be. Morally, it’s certainly less clear-cut.

    I’m actually leaning towards keeping it anyhow. I’m too curious about what’s physically inside to resist the urge to tear it open and take a look. For instance, I’d like to know how the T-Hub communicates with its DECT phone.

  10. While you are reminding companies to do the right thing you should add Vivid Wireless to the list. Certainly the home gateway device they sell most certainly is Linux based and they do not care to honour their obligations under the GPL from those that have tried.

  11. Hi VANT,

    Sorry to hear that. My suggestions are that you:

    – Attempt to contact the company and ask about Linux/GPL source code and compliance (point them to the GPL-Violations Vendor FAQ as an example of their responsibilities.) If you’re friendly then odds are that they will give you a positive response (this is what I tried first with Telstra.)

    – If you get no response there, you’ll need to find exactly what GPL software is part of the home gateway device and contact the rightsholders for those packages. You should also consider joining and posting to the GPL-Violations.org legal mailing list.

    There are some other discussions of “what to do when you find a GPL violation” online at http://gpl-violations.org/faq/violation-faq.html and http://www.ebb.org/bkuhn/blog/2009/11/08/gpl-enforcement.html

    Hth – Angus

  12. I filed a Questus complaint with Telstra. A rep. called me today, & was told that he contacted the T-Hub manufacturer, who told _him_ that there was no open source software whatsoever on the device.

    I read the rep. your list of FOSS on the device, & he said he’ll get back to me.

    If I don’t have any joy, then the next step is to file a complaint to the Telecommunications Industry Ombudsman.

  13. Hi Duncan,

    Great to hear that you’re following up on this, too. I have a contact at Telstra now as well, although I haven’t heard from him in some time – I believe he’s been on holidays the past three weeks. Last I heard he was still waiting to get a response from the OEM.

    I’ll be certain to post again if I hear anything.

    – Angus

  14. A different – and quite rude & aggressive – Telstra rep just phoned me.

    She said that her understanding was that as I would be using the source code to switch to a different provider (don’t know where she got that idea), and the T-Hub only works with Telstra, there would be no point in having the code. And besides, she said, they won’t release it.

    I explained to her that my intended use of the code is irrelevant to Telstra’s obligation to release it. I also pointed out that there are many reasons to want access to the source, including learning & security audits.

    She’s calling me back, apparently.

  15. Oh dear. Congratulations on your persistence and politeness with the matter.

    I’ll try and raise my contact at Telstra again, and also draw his attention to this comment thread. Hopefully we can still get this to go somewhere constructive.

  16. I hope so too, but I don’t hold out much hope.

    The last rep. with whom I spoke had simply no clue as to what the GPL is, & was positively crowing over what she saw as a reason to withhold the code (i.e. that I might use it to connect the T-Hub to a different provider). She actually sounded very happy & self-satisfied.

    She announced her (odd) conclusion and then asked “is there anything else I can help you with?” and was quite taken aback (& became a lot less happy) when I explained the flaw in her undestanding of the GPL.

  17. No one called me back, so I called them. Apparently my Questus complaint was ‘unassigned’. I was put in touch with a new case manager, who asked me if my complaint was due to an inability to upgrade my T-Hub.

    Much hilarity ensued as I explained the issue to her, then to the poor CSR on the T-Hub helpdesk (yes, that’s who she put me through to; the complaint has come full circle as it was the T-Hub helpdesk who originally escalated the issue). The poor chap did very well under the circumstances.

    He suggested I call the manufacturer; I explained that the manufacturer has already lied to Telstra about the presence of GPL software in the device (see http://projectgus.com/2010/11/telstra-violating-gpl/#comment-3878 ), is profoundly unlikely to help me, and besides it’s Telstra’s issue because they’re distributing the device.

    So, said CSR’s team leader is getting in touch with his colleagues and will be calling me back soon. The case manager promised a callback in ~ 24 hours too.

  18. I just had a call back, less than ten minutes after my call. I have a new case manager who’s following it up, & who has promised a callback in < 24 hours. He seemed quite interested in all the details. Fingers crossed …

  19. I got a follow-up call, just to check I want the source for the T-Hub, not the source for the HTC Desire. Oh well, at least they’re trying … apparently I’ll get another call back this evening.

  20. So a different Telstra rep called me, & told me that as far as he is aware, there is no way Telstra can release the source because of ‘Copyright Reasons’, & because if they released the source, then I could possibly change the binaries on the device.

    I explained that ‘Copyright Reasons’ are the reason why they are _compelled_ to release the source, regardless of whether they want people changing the binaries.

    He said he’ll call back in a few hours …

  21. Hi.

    Anyway to take linux tree and rebuild and flash with new custom “rom”?

    want to try port Android over to THUB.

    Any ideas?

    Thanks.

  22. Hi Shannon,

    Thanks! FWIW, there’s actually another direct link to the Bigpond info page posted above, that should work for you. The Bigpond and the Telstra info pages are identical, except that the Readme link on the Telstra page is broken… ;)

    Good luck with the source (I got mine pretty quickly, will do a post when I have some time.)

    – Angus

  23. Well it seems that Telstra can’t find the software and don’t support the T-Hub 1 any more. Why can’t they just leave a link so people can download if. Go figure.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>