I'm usually rather scathing of test cases, because they allow more affluent parties to exert undue influence on legal precedent. However, in this scenario I have nothing but congratulations to offer to the Software Freedom Conservancy: they took on a party several times their size, seeking resolution of a clear-cut GPL violation, and - most importantly - in a way that seems to me entirely compatible with the spirit of the GPL.
If one reads the articles written by the progenital big cheeses of the early Free Software Foundation (such figures as Richard Stallman, Eben Moglen and even Bradley Kuhn of the SFC himself), it's clear both from the legalese and the marketing slogans that user empowerment was the intention. Those old articles don't give me the impression that enforcement the GPL was ever supposed to be a privilege limited to the software author, even if this was the most conventional situation for copyright infringement cases and thus the only legally viable action.
I'd posit that the SFC are being lenient, even generous with their legal action against Vizio. Suing to enforce the GPL 3.0 rather than version 2.0 would have been slightly more so, considering the "cure within 30 days" provision introduced in the GPL 3.0 family. But that is all but irrelevant considering Vizio's long-standing disregard for copyleft license compliance.
They can't sue to enforce GPLv3, because Linux isn't under a "GPLv2 or later" license. However, Conservancy established "Principles of Community-oriented Enforcement" (https://sfconservancy.org/copyleft-compliance/principles.htm...), and these include extending the 30 days provision to GPLv2-only works. This is a concession by Conservancy and not a requirement of the license, but it's a part of the Principles that has been widely lauded and adopted by others including Red Hat (https://www.redhat.com/en/about/gplv3-enforcement-statement).
The lawsuit does not ask for source code solely for the kernel, but also for several userspace components under GPLv2 and LGPLv2.1 (at least some of which are at least in large part under "or-later" licensing). They don't recite any noncompliance wrt any *GPLv3 components, perhaps (though I'm just guessing) because Vizio doesn't include any in their TVs.
True, though from the filing it's clear that Linux is the most interesting to them (it's the only one that is described separately, in paragraphs 41-45 of the complaint).
> In October of 2021 the Software Freedom Conservancy (SFC) decided to launch what is believed to be the first significant open source lawsuit based in contract rather than in copyright. Critically, the SFC’s case argued that anyone who benefits from the General Public License (GPL), not just the authors of the software, should be able to bring a lawsuit to enforce the terms of the GPL.
This seems to be the key issue. It's the first time I've heard of a case in which the party claiming harm was not the author of the software.
It raises a lot of questions - for example around linking. My understanding of the issue with respect to Linux was that Linus won't enforce GPL against those who link, therefore, Linux is immune to the reciprocity requirement when just linking occurs.
This new case seems to raise the issue of whether those other than authors of GPL software can bring suit under contract rather than copyright for linking to GPL-licensed software.
AIUI: This case isn't about kernel modules, but it re-opens the question of what to do about closed-source kernel modules, because the status quo is "Linus doesn't want to sue people even though closed-source kernel modules might be illegal", and now you don't have to be Linus to sue people anymore.
Linus Torvalds enjoys an incredibly good negotiating position relative to these corporations. Simply put, he's got massive leverage in the form of Linux's staggering development speed: he gets like a zillion patches an hour. He maximizes that leverage by purposefully keeping the kernel APIs and ABIs unstable so they can't reliably target it without mainlining their drivers as GPL code in the kernel tree.
Corporations modifying Linux have the choice of playing ball and publishing source code or being forced to play catch up with the constantly changing kernel until the end of time which is obviously unsustainable and ends with them getting left behind and eating dust. This manifests as shitty products which run outdated tainted kernels and never get updated.
That's what leads Linus to be "lenient" towards these corporations and their violations. He thinks their products are mere toys that don't matter in the grand scheme of things. I remember reading an email on LWN where he used that exact word to describe them. Toys.
Obviously, as the users of these shitty products, we think differently. We'd very much enjoy it if some courts were to force these corporations to publish their source code under the GPL. Then we'd be able to have actual quality drivers instead of their proprietary nonsense, and we'd be able to run the latest mainline kernel on our devices.
we'd be able to run the latest mainline kernel on our devices
GPL or no GPL, we're talking about a TV here. I seriously doubt that they have a bootloader that's willing to run unsigned code. So maybe you'd be able to inspect what is running on your TV, but I doubt you'd be able to actually run your own kernel on it without some sort of jailbreak.
Periodical reminder that copyright and GPL do not talk about linking.
At all.
Even taking contractual position instead of copyright doesn't change the part where it does not matter nothing regarding whether you link or not with GPLed code that is established by the text of the GPL.
What's important, and what RMS used to bully projects in the past into changing licenses, is whether the work would be considered derivative - as in, would it exist without inclusiom of GPLed code? (Very simplified depiction - in practice that's something a court would have to decide).
At the same time it means that if you use a GPLed library that just implements an otherwise existing interface and it's completely conceivable that your code isn't derived from it, then it doesn't matter that you linked. But it can also mean that just separating with a network connection also isn't enough to break derivative-ness.
> Periodical reminder that copyright and GPL do not talk about linking.
> At all.
GPLv2 does not, but both LGPL and GPLv3 explicitly mention linking in the license text, so this part of your comment is factually false.
However, it's mostly used as an example; I agree any work with strict dependencies to a GPLed work might be considered a derivative even if the dependency is not expressed by linking.
> This is because, under a doctrine known as preemption, state courts generally cannot rule on questions of federal law, like copyright.
This is too broad and in need of slight correction. By default, state courts have jurisdiction to hear cases under federal law, unless indicated otherwise "by an explicit statutory directive, by unmistakable implication from legislative history, or by a clear incompatibility between state-court jurisdiction and federal interests." Gulf Shore Co. v. Mobil Oil Corp., 453 U.S. 473, 478 (1981).
In this case, the author is correct, because copyright—like bankruptcy—is a matter of exclusive federal jurisdiction. However, extrapolating that "generally" to all "questions of federal law" is not accurate.
I just want to reiterate the point in the article that this is very much a David vs Goliath situation. If you value free software, please consider donating to the SFC here: https://sfconservancy.org/donate/
Isn’t the whole point of being bound by the Rule of Law to eliminate this kind of David and Goliath situation?
If I’m mistaken in this assumption, please tell me why. If I’m correct in this assumption, where has the system been corrupted in this case?
(End Devil’s advocate. Seriously interested in where things went wrong, because if this is being raised as a question instead of reported as a clear outcome, something’s gone wrong.)
The goal of the Rule of Law is to reduce this problem, but it hasn't succeeded at eliminating it (and never will). It's exceptionally hard to design a society so that someone with more resources doesn't have an advantage over someone with fewer resources, without massive restrictions on freedom.
> If I’m mistaken in this assumption, please tell me why.
Because corporations can afford lawyers and have all the time in the world to argue over stuff in court. Normal people have better things to do and more important things to spend their money on.
In other words, corporations use the legal system to burn people's time and money until they capitulate.
If you publish something on GitHub and someone else copies it, will you sue him? I seriously doubt it. Your work might as well be in the public domain.
Corporations, on the other hand, have entire legal departments dedicated to ripping you a new one if you copy their work. They're so efficient at it chances are you'll do what they want without courts even getting involved. Even if it somehow goes to court, it's not a waste of their time either since it's literally their job.
I've seen corporations DMCA take down screenshots of video game emulators running games by claiming copyright infringement even though Sony literally lost a case over that when the court decided it was comparative advertising and thus not infringement. Who's gonna spend their time and money fighting the billion dollar corporation over this though? The company who fought Sony went bankrupt and got bought by Sony. Individuals have no chance.
In theory, sure, in practice, when you have hundreds or thousands of times more resources than someone else, you are at an advantage. That's one of the many reasons why minorities are incarcerated at high rates (and why nobody uses public defense if they can afford private), and why organizations like the ACLU & SPLC exist. That's why we see cases like Gary Bowser (nintendo mod chip seller) being fined 15 million dollars in egregious violations of justice. Sometimes, people cannot even afford to fight, like when apple brought a lawsuit against a coffee shop with an apple logo (actually, in this case the coffee shop did win, but you can see how many times when apple sues you you just decide to go huh ok you win apple). Indeed, it's a very common tactic: stall until the opponent runs out of funding. That's even before you begin to consider things like bail and bribes (e.g. Clarance Thomas). And sure, not much of this applies directly to this case, but you can clearly see how money helps win court cases, even if you just consider the hundreds more eyes searching for loopholes.
It's funny - Vizio saves a ton of money by using all this GPL-licensed and free-as-in-money software, and yet they cannot even comply with the license requirements of the people who saved them all this money?
Like every embedded vendor, they have a decade of technical debt so it will take them a person-year to untangle their build system just to get to the point where they even know what dependencies they have. Then they can start on the license audit.
I think it may matter in specifics of how Red Hat chose to implement GPL compliance recently. This means that even non-clients of Red Hat can ask for copy of source code as long as they have binaries. And you should definitely have right to give away binaries without asking Red Hat for permission.
> This means that even non-clients of Red Hat can ask for copy of source code as long as they have binaries.
No, that is not a part of this trial. The SFC is a customer of Vizio, if they weren't they would not have had any kind of standing. The novelty is that a company who buys RHEL and redistributes it might be able to sue IBM if they then refuse future contracts.
As it stands today, only Linus or other Linux copyright holders could sue. End users have never tried before.
> you should definitely have right to give away binaries without asking Red Hat for permission.
You do, and you have to provide sources in that case.
But, Red Hat can choose to stop doing business with you if you give away binaries for reasons that they judge to be against their interest. They aren't forced to accept your money.
That is certainly what RH likes to claim, but it always struck me as extremely suspicious logic. If the license says you have to share code with users and cannot restrict their rights to do the same, and they exercise those rights and you immediately retaliate, it sure seems like a reasonable person would say that you're restricting the rights of your customers in direct contravention of the license terms.
I think we can agree that businesses have the right to "fire" their customers, for (pretty much) any reason try like.
Of course, as with any "subjective" behavior right, there can be regulatory implications (Christian cake shops selling wedding cakes to gay couples springs to mind.)
I'm not aware of any regulations though that would force RH to keep customers that broke their source-distribution-embargo.
Clearly RH is not impinging on the users rights to distribute the source. They are impinging on the "privilege" of being a customer. Does that second-order effect fall under the GPL? Smarter lawyers than me will decide, but it seems like a tough sell.
Of course we may not -like- that restriction, but its a long way from there to -legal- requirements.
It's hard really to see how one can mandate an OSS company to -have- to do business with "any customer" when the moral-principle-premise is so high in OSS. I'm not sure that a regulation against RH would be a win for OSS in general.
> I think we can agree that businesses have the right to "fire" their customers, for (pretty much) any reason try like.
Unless of course the business is subject to a contract which prohibits firing customers for that reason. For instance, if it uses the words
> You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
then no, they certainly don't have the right to fire customers for exercise of the rights granted therein.
(your next few paragraphs say the same thing in different words, so I'm going to skip them)
> It's hard really to see how one can mandate an OSS company to -have- to do business with "any customer" when the moral-principle-premise is so high in OSS.
I don't know what you mean by "moral-principle-premise", so forgive me if this isn't what your saying, but I think it's really easy to see how one could mandate that RH honor the GPL; if they retaliate against a customer for using their rights, then RH no longer has a license to use GPL software and get to be sued into oblivion. This would be much like how employees are protected against retaliation under assorted circumstances; you can fire an employee who alleged sexual harassment, but that had better not be the reason and you'd better have a very good paper trail to prove as much.
That is absolutely a restriction, just not implemented via technical measures; it is a behavior that is intended to prevent customers from exercising their rights. If you impose "consequences" for a behavior, you're obviously acting to stop people from doing it.
People may -want- distribution of source code to be a protected reason, but there is no language supporting that in OSS or Free licenses, and not court or legislation has ruled that it is protected.
Since the default for all reasons I "unprotected", it follows this is unprotected until a court / Congress rules otherwise.
"Wishing" is not a legal strategy, and in the area of licenses it's the law that matters.
This seems nitpicky. You can't appeal to the fact that something is not yet settled law during a discussion of whether it will become settled law later.
If you sign an employment contract that specifies you can only be fired for X and Y, and the company fires you for Z, you can sue. That doesn't mean your ongoing relationship is a right, it means one party didn't live up to the contract.
Of course not. Just as use of GPL software isn't a right. Stop using copyleft software and you won't have to worry about those licenses giving your customers rights.
Neither is employment. But there are still consequences for firing someone for an unlawful reason. I'm not saying Red Hat is wrong—I'm still undecided—but I don't think your logic is very persuasive.
How would they even know who it is? Alice is a Red Hat customer, gives binaries and sources to Bob in private, now Bob publishes them on the internet for the world without telling anyone it was Alice he got them from.
"Tell us who it was so we can retaliate against them for exercising their rights under the license" doesn't seem like a good faith request.
Untrusted? They're from RedHatSourceDumps.onion! A few years back, my mate in Contoso gave me some sources a few years back, and they were identical to the ones that showed up on RHSD the next day; I don't know anyone who's ever noticed a bit out of place. Why would they choose today to start injecting malware, when somebody would raise the alarm within a week?
Back in the real world: binary RPM packages are cryptographically signed, and I'm pretty sure source packages are as well. Who needs provenance when you can blindly assume that nobody's cracked the crypto yet (or, more realistically, leaked the keys)?
Anybody can diff the sources against upstream if they want to.
But also, how does that even mean anything? Bob submitted a patch to the mainline Linux kernel which Red Hat forked which Alice downloaded which Bob uploaded and now you're trusting Bob that the code is safe, which you were already doing anyway unless you were comparing the changes to the code yourself, which you can still do.
That is part of what Alma and Rocky argued they could do to get upstream source. However they’d likely have to sue the middle man first. E.g if you need RHEL source, but you’re a customer of <cloud provider>, you have to use cloud provider to provide you RHEL sources. They can then get it from RHEL, but the cloud provider is not a reseller in this case, but just someone who built their house on a product.
However that does allow RHEL or the cloud provider to cut off customers who are actively engaging in source forwarding. The GPL doesn’t dictate who you do business with, and you effectively end up in a stalemate.
Vizio on the other hand doesn’t have the power to prevent you buying their product. Buying from a reseller like Best Buy is legally equivalent to buying from Vizio when it comes to support. Therefore Vizio has a direct customer relationship with anyone who wants the source.
I'd like to preface this comment with the fact I support what the SFC is trying to do here: if you're using GPL software, you have to publish the modifications. It's pretty simple...
That being said, and please correct me if this doesn't exist in the US/US-CA, have they risked a malicious intent argument here? Did they go out and buy the TV with the sole intent of baiting Visio into an argument?
> if you're using GPL software, you have to publish the modifications. It's pretty simple...
If you redistribute GPLed binaries you have to be willing to provide the source that built that binary, whether it incorporated changes or not, to anyone who asks. “Provide” can include pointing someone at a public repo these days.
“a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.”
Assuming any “durable physical medium customarily used for software interchange” still exists, that means that, if you choose to ship your software on CD you have to give the source to whomever you distribute the binary, but need not make the source code available to others.
If, instead, you go for the distribution method of article 6b, you do have to make the source code available to anyone who possesses the object code, but not indefinitely:
“b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.”
So, if you distribute the binary in a “physical distribution medium”, and then immediately claim to stop supporting that product, I think you’re off the hook if nobody asks for the source code for 3 years.
Also, should that “(including a physical distribution medium)” have been there in that article in the license? It means you can sell a CD with your software, immediately stop supporting that CD, and get of the hook in 3years time.
If you are using an entire linux install van you just point to the equivalent list the distro must maintain? I've never seen a list like that for ubi or similar.
I think it doesn't matter. If the major question was if a 3rd party could have standing, and the answer was yes because they were a beneficiary, then all they need is to show that they were not given a benefit they were owed. If the reason they bought the tv was to use it on their wall, and would have benefitted from the source code to modify the tv or study how tvs worked etc, that would just be one possible benefit. Using the tv to excercise a right just to test if you actually have that right, or to use the tv and it's source as an example in the persuit of their operation which is to defend the gpl and the authors and users, that is still using the tv, and still a benefit that the gpl grants and that it's framers and users definitely intended to grant. The gpl goes on and on and restates the intent multiple times in multiple ways that the whole purpose is explicitly to grant every end user the right for any purpose and without having to justify it.
It would seem that this makes buying the tv just for the sake of the case perfectly fine by at least 2 different vectors, each of which would seem to be enough all by itself. 1 - You have to be able to test something to prove you have it. 2 - The overwhelmingly unambiguous writing in the gpl itself, let alone all the other surrounding decades of writings and speaking by both the people who wrote it, and the people who chose to apply it to their own works.
Maybe yet a 3rd factor, the SFC probably isn't trying to get paid money besides maybe the cost of the trial itself and some token, all they really want is for Vizio to do what they are already supposed to do. No matter why the SFC buys a tv, Vizio still has no excuse for not doing it's part, and all the SFC wants is for Vizio to have done what it should have, and it's not even something which costs Vizio anything. If they try to argue that SFC can't show they were actually harmed, neither can Vizio show that SFC is merely seeking to harm them.
My very biased (I want it to mean this) view anyway.
In law, standing or locus standi is a condition that a party seeking a legal remedy must show they have, by demonstrating to the court, sufficient connection to and harm from the law or action challenged to support that party's participation in the case.
I suspect that is the reason. So it is not 'bad', it is just necessary in order to sue
AFAIK people have bought stuff specifically to hang lawsuits on for decades. If that was somehow improper I'd think there would be precedent against it by now.
So there have been discussions about how AI model weights may not be copyrightable because they are computer generated. Personally I disagree but there is not a clear court ruling yet and we'll have to see.
Nevertheless, practically all weights of any significance get released under various software-like licenses, either open source like Apache 2.0 or other more restrictive ones.
I wonder would this ruling be relevant to these AI weight licenses being enforceable as contracts, even if the weights cannot be copyrighted? If so, would it only work if the license actually conferred some benefit like with GPL? Any ideas?
This will (if it goes the way the SFC wants) definitely make the GPL stronger.
However, I'm worried whether this might make it so strong that companies start considering GPL-licensed content toxic.
Historically, the risk of actual, serious consequences from accidentally or negligently (and perhaps even intentionally) violating the GPL was effectively zero. The range of people who could sue you was limited and outside of a few projects, most never did.
With this, you'd have to dot your i's and cross your t's on GPL compliance, because if you got any detail wrong, random customers could start hitting you with lawsuits. (Which I'd expect to have some potentially catastrophic worst-case outcomes if they bundled third-party code under a closed license, i.e. which they cannot release under GPL, with GPL code.)
Best case, since there is so much hard-to-avoid GPL code (including the Linux kernel), we'll see much better compliance and code availability, especially around embedded devices. Worst case, we get a new class of patent-troll style parasites that use the legal system to terrorize, extort and/or bankrupt anyone who distributes anything that touched GPL software.
> However, I'm worried whether this might make it so strong that companies start considering GPL-licensed content toxic.
Why is that a problem? Many already do consider anything involving the three letters (even if there’s an A preceding them) toxic and its their problem to think through it. Nobody is forcing them to include GPL code into their products, so if they think choosing alternatives is more profitable then all the power to them.
Nit: “even if there’s an A preceding them” should definitely be “especially if there’s an A preceding them”
AGPL is considered the most toxic of all the GPL variants by most (all?) corporate lawyers because it closes off any workarounds to play well with the GPL components.
I've seen people maintain their own, incompatible forks of both of those, sometimes for quite a long time. No company maintains a fork of the entire Linux kernel in private: the closest thing is RHEL's additional hardware support, but that's basically just drivers.
Maybe they have written some kernel modules which claim to be GPL licensed to be able to access all kernel APIs unimpeded? So it’s their interesting code infringing GPL.
Maybe they modified tools, kernel or some GPL licensed tool to work with their hardware, and don’t want to spill the beans?
Maybe their engineers were lazy or rushed by management, and didn't keep things organized, so GPL code, proprietary/internal code, potentially-patent-violating hardware documentation, and secret keys all got munged together, and they figured it would be cheaper to fight a lawsuit than to carefully untangle the terabytes of junk so they can hand over the relevant code without having their digital asses hanging out.
Or drivers, possibly for devices / modules for which they are not at liberty to share the details (NDA).
Either way, such hiding should stop. There is no reason I should not be able to repair / upgrade / change the TV I bought however I wish, as long as I'm not harming others (RF). Even then, this should be my responsability.
It would cost them millons to find and package everything. This is assuming they have everything in source control and have nothing to hide (that is no code that isn't public anyway) sure you can do a git to tar.gz easy, but GNU is likely to demand the hash everything was built from which means people need to figure that out.
if they have a monorepo with non GPL code (which doesn't link to anything GPL) stripping it all out will cost a lot more.
No one in these days of cyber attacks should be shipping unknown third party dependencies. How could you fix unknown dependencies in case of severe CVE's in them ? Unknown third party dependencies are a sign of utter amateur incompetence in product development.
Once you have all third party dependencies cataloged, licence compliance should just shake out in the wash.
I think for a case like this they would assign a low level employee to make a best effort attempt at this, probably taking some sources from GitHub to match the approximate version of what they released, maybe give it a good shot for a week or two. That would probably placate the SFC at least until they realize.
If they are lucky that works out and they can maybe get by with that and the cost would be in the mid tens of thousands. However if they get caught it will come out in court, the judge will not be impressed with a half hearted effort - so a million to defend in court, plus what they lose in court which could well be forcing all their code opened as GPL.
Remember, a small meeting will cost over $1000/hour when you add in all the time for each person in this. There will be several small meetings needed to decide on course of action. There is also the opportunity cost of the employees who are doing this (or just in the meetings) instead of something that more obviously brings value.
This 1000$ meeting assumes SV programmer salaries. I can assure you that many places in the world have much smaller salaries.
Also, they are already planning to go to court to prevent releasing any code, so finding a way to spend a few thousand dollars or even a few tens of thousands to avoid court entirely would be a no-brainer.
Going to court and saying "we made an effort to appease them but these people just want too much" is much better than going to court and saying "let's settle a new area of law to determine if this people have a right to sue us for very obviously ignoring the terms of this software license".
I know they don't rely on GPL much, but what does the ruling here suggest for OSS foundations like Apache and CNCF? Specifically this part: only the author can initiate the lawsuit.
Does that mean failure to adhere to the terms of licenses like ASLv2 or MIT would could only be settled in court if the person who wrote the code actually bring suit and that OSS foundations basically become (more) toothless?
> Does that mean failure to adhere to the terms of licenses like ASLv2 or MIT would could only be settled in court if the person who wrote the code actually bring suit and that OSS foundations basically become (more) toothless?
Until now, only the authors of code have actually been the ones to bring suit against non-compliers. OSS foundations have been able to choose to provide financial/legal support to authors willing to bring suit, and I don't see why that would change no matter how this court rules.
The only question here is whether end users can bring suit, with third-party beneficiary standing. Until now, no end-user has tried. If the case succeeds, it may open the floodgates to compliance actions from end-users, but if it fails then it should have no bearing on the actions that authors and the organisations that support authors can take, as the court is not being asked to rule on any such question.
However, the result of ruling may be dependent on the intent of the license authors. The GPL, having been written by the FSF, has the explicit goal of empowering end-users, so whether end-users have third-party beneficiary standing to enforce it (and other FSF licenses) seems like a reasonable case. However, if other OSS licenses (like those authored by ASF or CNCF) do not have that as an explicit goal, and instead focus on "creating better software", then even if the ruling in this case goes in the SFC's favor, it may not automatically apply to works covered by those other licenses. Another test case might be needed to see whether end-users of those other works do have standing, and it need not turn out the same way.
The reasoning of this case rests on the intentions of the FSF when they wrote the licence. If the person who wrote the licence didn't intend you to be able to get benefits, you can't.
> The reasoning of this case rests on the intentions of the FSF when they wrote the licence. If the person who wrote the licence didn't intend you to be able to get benefits, you can't.
I contend that it does not.
It doesn't matter who wrote a license, it only matters who adopted that license when they authored a work.
The Conservancy is doing license enforcement on behalf of numerous authors and vendors of code, not authors of licenses such as the FSF or Creative Commons.
When I create a distribution of code and copy a LICENSE file into it, I take responsibility for the wording of that license. I don't foist that onto the FSF or MIT or BSD. I take responsibility for the wording, whether it is boilerplate or if I modify it after the fact.
The conservancy is not enforcing the license nor are they representing the copyright holders in this case. The conservancy is representing itself as a 3rd party beneficiary to an alleged contact.
It does matter who wrote the document, but not in the way the poster suggested. One of the arguments made in the case so far was that the FSF's view of the document should be considered, but FSF is not a party in this suit most likely intentionally.
MIT / Apache are not copyleft and do not stipulate any obligations to release modifications. There would be no basis for a third party to go after a product that incorporates software with these licenses and ask them to release it.
Not sure about the effect on big corps. There are many variables to consider. In any case, the suit is very young and non-precedential at this point. How it will ultimately turn out is extremely speculative.
GPL is more challenging in general in embedded and thus much of IoT.
If one reads the articles written by the progenital big cheeses of the early Free Software Foundation (such figures as Richard Stallman, Eben Moglen and even Bradley Kuhn of the SFC himself), it's clear both from the legalese and the marketing slogans that user empowerment was the intention. Those old articles don't give me the impression that enforcement the GPL was ever supposed to be a privilege limited to the software author, even if this was the most conventional situation for copyright infringement cases and thus the only legally viable action.
I'd posit that the SFC are being lenient, even generous with their legal action against Vizio. Suing to enforce the GPL 3.0 rather than version 2.0 would have been slightly more so, considering the "cure within 30 days" provision introduced in the GPL 3.0 family. But that is all but irrelevant considering Vizio's long-standing disregard for copyleft license compliance.