Maker of Linux patch batch grsecurity can't duck $260,000 legal bills, says Cali appeals court in anti-SLAPP case

Ninth Circuit affirms decision that Bruce Perens was entitled to voice opinion about GPL compliance

Open Source Security – the maker of the grsecurity patches that harden Linux kernels against attack – must cough up $260,000 to foot the legal bills of software industry grandee Bruce Perens.

So ruled California's Ninth Circuit Court of Appeals today, affirming a lower court's ruling against Open Source Security (OSS).

In June 2017, Perens published a blog post in which he said that he believed grsecurity exposed users to potential liability under version 2 of the GNU General Public License because the grsecurity code states that customers will not get further updates if they exercise their right to redistribute the software, as allowed by the GPLv2.

As Perens – the creator of the open-source definition – pointed out, section 6 of the GPLv2 specifically forbids the addition of contractual terms.

Two months later, OSS sued Perens for defamation over his claims about the validity of the company's software redistribution policy.

In December 2017, the judge hearing the case in San Francisco dismissed the defamation claim, opening the door for Perens to seek court costs under the US state's Anti-SLAPP statute, which is designed to discourage litigation intended to stifle public speech and civic participation.

A month later, while the two parties wrangled over the amount of the court costs, initially more than $526,000, OSS appealed the decision to California's Ninth Circuit Court.

By June 2018, the lower court handling the case concluded that the initial legal cost estimate was unreasonable and reduced Perens' award to $260,000. That amount has now been accepted by the Ninth Circuit.

Perens, in an email to The Register, expressed gratitude toward the attorneys who defended him, Melody Drummond-Hansen and Heather Meeker of O’Melveny and Myers LLP, and Jamie Williams and Cara Gagliano of the Electronic Frontier Foundation (EFF), which joined the litigation during the appeal stage.

"The court held that my blog post did not express a false assertion of fact," he said. "The court also held that my blog post did not imply a false assertion of fact, and that my status as an expert in the industry does not change that."

In an email to The Register, EFF staff attorney Jamie Williams expressed satisfaction with the Ninth Circuit's affirmation of the lower court ruling.

Someone drowning in paperwork

Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'


"This was a straightforward defamation case – one involving no defamatory statements – and we are glad that the Court easily recognized that," said Williams. "Mr Perens' blog post was an expression of opinion based on stated, true facts. OSS’s lawsuit was designed to silence Mr Perens, and to punish him for expressing his opinion.

"This was a quintessential lawsuit against public participation. And as today’s decision confirms, while OSS was free to disagree with Mr Perens, it was not free to sue him for merely exercising his First Amendment right to engage in the public debate about a matter of public concern."

Rohit Chhabra, founder of the Chhabra Law Firm and attorney for OSS, declined to clarify whether OSS will pay the award or seek further legal review, either by petitioning the three-judge panel for a rehearing or asking for an en banc hearing before all eleven Ninth Circuit judges.

OSS has 14 days to file such a petition, which should cite a specific justification, such as an overlooked fact or point of law, a change in the law, or a conflict with another Ninth Circuit decision.

In a statement posted online, Chhabra said, "While we review the panel’s decision and assess our legal options, the court’s holding makes one thing very clear: Mr Perens’ statements are not facts, but mere opinion."

His statement continues, "I find no legal issue, whatsoever, in OSS’s condition to provide access to future versions from their servers only if users do not exercise their GPL rights," and he insists that OSS has an absolute right to deny future services because the GPL doesn't include an explicit statement that developers cannot refuse to do business with another for any reason. ®

Similar topics

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022