Blog - Page 5 of 6 - WP AND LEGAL STUFF

Latest Posts

A reader asks: About populating one’s site with third party content

Published by Richard Best

The question

John asks:

“My question is about using third party content in my blog. I see a lot of sites using third party content, such as news, at their own site, by simply adding the source reference and link. What are the conventions in that sense? Are we allowed to use an article from another blog/news site as long as we reference the source of the article?

Most news sites don’t seem to have any warning about that while others clearly state that this practice is forbidden at their site. For instance, I came across one of them that states the following at bottom of articles: “All rights reserved. No part of this article may be reproduced in print, electronically, broadcast, rewritten or redistributed without written permission.”

Comments

Many thanks for your question John. I assume from your question that, when you talk about using third party content and then adding the source reference and link, you’re talking about reproducing whole articles or at least substantial chunks of articles, together with the reference and link.

In the laws of a large number of countries, or at least those that are signatories to the Berne Convention for the Protection of Literary and Artistic Works or other international copyright treaties, copyright exists in original literary works such as news stories, magazine articles, blog posts and so forth. That copyright confers a bundle of exclusive rights on the author/owner of the work, including the rights to copy it and adapt it. These rights are not affected or diminished by the owner’s publication of the copyright work on the Internet. Publication on the Internet does not throw them into the public domain (in legal terms) and make them a free-for-all.

To answer your question, then, in these countries (which include the United States, European member states, Switzerland, Canada, Australia and New Zealand, among many others), copying all or a substantial part of a copyright work from another site (such as a news site) and reproducing it on your site without permission is an infringement of copyright. The third party site does not have to include terms saying ‘you can’t copy our stuff’. The absence of such a term does not mean anyone can then copy it. The addition of a reference and link back to the source does not make it any better. There are many copyright myths lurking in our urban jungles. One of them is that you can copy someone else’s work or a substantial part of it as long as you attribute them as the source. That’s not the case.

In some countries there are defences to infringement, such as fair use or fair dealing, but that’s a separate issue [update: on this point, see the comments below]. If you simply copy an article lock stock and barrel without permission, and then reproduce it on your own site, those defences usually (if not invariably) won’t save you.

So the bottom line is this: check the terms of use on the website in question. If those terms grant you permission to copy and republish, all well and good (as long as you comply with the licence terms). If they don’t or if they are silent on the point, it’s best to seek permission before copying all or a substantial part of a work, otherwise you could find yourself on the receiving end of a stroppy lawyer’s letter, or worse. That is probably all the more likely if you’re exploiting their content for commercial gain (but you don’t have to be doing that to infringe copyright).

Hope this helps. Thanks again for the question.

Negative SEO and legal remedies

Published by Richard Best

The negative SEO campaign against WP Site Care

By now, many in the WordPress community will have heard of the negative SEO campaign against WP Site Care that Ryan Sullivan, its founder, described in Negative SEO: Destroying Businesses One Spammy Backlink at a Time. On this occasion, the negative SEO attack appears to have been caused by voluminous backlinks, including a “spike in unnatural links from lots of unsavory sources over the course of a few days” which, in turn, appears to have caused a plummet in Google rankings.

Ryan explains that his company’s bottom line suffered a significant hit as a result of the lower traffic volumes to the site and that they were able to trace the backlink attack back to the source: someone within the WordPress community. He says:

“They did everything through a third-party, an internet hitman of sorts, to try and cover their tracks, but they weren’t quite careful enough and we were able to uncover where everything started.”

Ryan exercised considerable restraint in not naming any names when, it seems, he could have done so. All respect to him, I suggest, as others might have been more damning.

Purpose

The purpose of this post is to assess the legal remedies that might be available to a company in WP Site Care’s position. I’m not encouraging litigation on the part of WP Site Care or anyone else. Rather, I just want to float potential bases of liability. I’d also note that we don’t have specific information as to the kinds of keywords and specific backlinks used in the attack against WP Site Care.

This post is not limited to the kinds of negative SEO deployed against WP Site Care. I am, instead, going to discuss negative SEO in broader terms and in relation to its various kinds. I should also note that this post only scratches the surface of what can, at times, be a complex topic.

Different kinds of negative SEO

Thanks to bblumpie for the Graphic Game: Matrix image, licensed under a Creative Commons Attribution 2.0 Generic licence.

The first point to note, then, is that there are various kinds of negative SEO. I don’t profess to be an expert on negative SEO, but the various flavours appear to include these:

backlinks: the heinous use of backlinks (also known as spam links or Google bowling) where someone creates large numbers of dodgy links on other sites (we’re talking hundreds, thousands, tens of thousands or more) to your site, in an attempt to make Google treat you as a spammer;
duplicated content: duplicating an innocent site owner’s content and either getting it indexed before the innocent site owner’s site is indexed or adding the content to multiple directories, ezine sites and the like;
hacking: certain forms of hacking, such as (1) hacking a site, accessing a site’s templates and database and adding new pages with voluminous amounts of inappropriate links, or (2) altering the site’s robot.txt file to ask Google’s spiders to stop crawling and indexing the site;
false reporting to Google: repeated reporting to Google’s spam crew of an innocent website in an attempt to adversely affect the innocent website’s page ranks;
false takedown notices: sending in multiple takedown notices to an ISP or web host alleging that content on a competitor’s website is infringing copyright when the competitor’s content is actually non-infringing and the person sending the takedown notices knows that; or
fake reviews: there are various examples of fake reviews but two prominent ones are (1) where an unscrupulous person writes a large number of 5 star reviews, usually for a competitor’s site, in a manner that makes it appear as if the competitor has paid for the fake reviews, in an attempt to elicit complaints against the competitor by people who think it’s writing fake reviews, the goal being to lower its ranking in search results; or (2) where an unscrupulous person posts fake and negative reviews about a competitor’s goods or services with a view to lowering the competitor’s average popularity ranking and therefore reducing its page rank, e.g., in particular commercial services, for popularity-based searches.

Remedies

Thanks to Rae Allen for his Themis photo, licensed under a Creative Commons Attribution 2.0 Generic licence.

When faced with these sorts of attacks, often the first priority will be to shut them down or reverse the damage by, for example, complaints to Google, the use of Google’s disavow link tool, complaints to third party sites hosting spam links, technical means (where possible), and so forth. But what if your company has taken a real and demonstrable financial hit? Can it sue the perpetrator or report it to relevant authorities?

The answer is what some would say is a typical lawyer’s answer: it depends.

The availability of civil remedies (remedies for which individuals or companies can sue in court) depends on a range of factors, including:

the type of negative SEO that has been deployed against you;
the manner in which it has been deployed;
the country’s laws that apply to your situation (not necessarily an easy question in some cases);
your ability to identify the perpetrator(s);
your ability, if the perpetrator is offshore, to get him, her or it before a court; and
your ability (in some cases) to prove loss or likely harm.

In practical terms, your ability to pursue a legal remedy will also depend on whether:

you have the resources, financial and mental, to do so, as litigation and other forms of dispute resolution can be both costly and stressful; and
you have or can obtain the evidence you’ll need to prove your case.

I should also mention the criminal side of the coin. In more serious cases of negative SEO, the perpetrator may have committed a crime, in which case the relevant enforcement authorities would need to be notified (if they don’t already know) and decide whether to prosecute. For example, New Zealand’s Crimes Act 1961 contains offences for accessing a computer system for a dishonest purpose and damaging or interfering with a computer system (sections 249 and 250), the United States has the Computer Fraud and Abuse Act which criminalises fraudulent and related activity in connection with computers (18 U.S. Code § 1030), and the United Kingdom’s Computer Misuse Act 1990 contains offences for unauthorised access to computer material, unauthorised access with intent to commit or facilitate the commission of further offences, and unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer (sections 1-3). Many countries will have similar laws.

Returning now to civil remedies, and with all the above caveats in mind, what are the potentially available legal remedies? I’ve set out below some examples that may or may not be available or have an equivalent in your country.

Remedies in backlinking situations

In the absence of a perfect storm of facts, you’re unlikely to be able to sue a “bad backlinker” for trade mark infringement. However, if a backlinking site’s backlinks are contained within a copy of your copyright content that has been reproduced on the backlinker’s site and other sites without your permission, you may have a claim for copyright infringement and that, in turn, may (depending on your country’s laws) enable you to issue takedown notices to a search engine, ISP or web host to have the infringing material removed. Laws of various flavours that enable this exist in, for example, the United States, United Kingdom, Australia and New Zealand.

Some lawyers have argued that a deliberate backlinking campaign designed to detrimentally affect your business might also give rise to causes of action in tort for the likes of negligent conduct causing economic loss, tortious conspiracy or unlawful interference with business. Whether that is the case will depend on the precise facts of the campaign, the participants involved and the country’s law that applies to the dispute.

If backlinks point to and identify you or your site and contain words that have a ‘defamatory sting’, the backlinker may have have defamed you. For example, if you were an innocent and law-abiding WordPress consultancy but backlinks contained words like, “WPSiteManagement steals client funds”, you may be able to sue the backlinker for defamation. In some countries, the tort of injurious falsehood may also be a runner. In this sort of case you might, for example, want to seek an urgent interim injunction to require the backlinker to remove the offending links and then pursue a main action for damages.

Remedies for duplicated content

If someone has duplicated your site content (with a view to either getting it indexed before your site is indexed or adding the content to multiple directories, ezine sites and the like), that someone will in all likelihood have infringed your copyright. As mentioned above, in such circumstances you may have a claim for copyright infringement and that, in turn, may enable you to issue takedown notices to a search engine, ISP or web host to have the infringing material removed.

If your country doesn’t have such laws, you may be able to seek urgent injunctions in the courts, requiring the offending content to be removed from the third party site(s). In both cases, you may (depending on your country’s laws) be able to seek compensatory damages (which compensate you for the loss suffered as a result of the infringement) or an account of profits (where the infringer pays you an amount that is equivalent to the profits they generated as a result of using your IP).

Remedies for hacking

Depending on the country’s laws that apply, you might be able to bring a civil action against a hacker who rips into your template files and adds voluminous spammy links or brings your site down. You might have a claim under statute, or at common law (in common law countries at least), for the likes of trespass to chattels. In some countries, such as the United States, a civil action may be available under statute where a computer-related criminal offence has been committed (in the United States, see the Computer Fraud and Abuse Act, 18 U.S. Code § 1030(g); see also Civil Actions at PeterToren.com). Of course, the availability of a civil remedy and one’s ability to identify and sue the hacker are quite different things.

Remedies for false reporting to Google

If you’re the victim of false reporting to Google, you might (depending on your country) have a cause of action for the publication of false information causing pecuniary loss (in many common law countries this amounts to the tort of injurious falsehood) and/or defamation. In some countries, like Australia and New Zealand, you may also have a remedy under fair trading legislation that prohibits misleading and deceptive conduct in trade. (In Australia the legislation is the Trade Practices Act 1974; in New Zealand it’s the Fair Trading Act 1986.)

Incidentally, in some countries this sort of thing may also be a crime, at least where it can be established that loss has been caused. For example, under section 240(1)(d) of New Zealand’s Crimes Act 1961, “every one is guilty of obtaining by deception or causing loss by deception who, by any deception and without claim of right, [among other things], causes loss to any other person”.

Remedies for false takedown notices

Where you’re the victim of someone deliberately issuing false takedown notices to an ISP or web host, you might (depending on your country’s laws and the facts) have a claim against the perpetrator for the tort of injurious falsehood. In some countries, such as the United States, a civil remedy for issuing false takedown notices is enshrined in statute. For example, 17 U.S. Code § 512 says this:

“(f) Misrepresentations.— Any person who knowingly materially misrepresents under this section—
(1) that material or activity is infringing, or
(2) that material or activity was removed or disabled by mistake or misidentification,
shall be liable for any damages, including costs and attorneys’ fees, incurred by the alleged infringer, by any copyright owner or copyright owner’s authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing, or in replacing the removed material or ceasing to disable access to it.”

In some countries, like Australia and New Zealand, you may also have a remedy under the fair trading legislation mentioned above that prohibits misleading and deceptive conduct in trade.

Fake reviews

If you’re the victim of fake reviews of the kinds described above, again you may (depending on your country’s laws and the type of fake review) have causes of action against the ‘reviewer’ for the likes of injurious falsehood, defamation or negligent misstatement. If multiple parties are involved in perpetrating the fake reviews, you might have a cause of action for conspiracy. In some countries, like Australia and New Zealand, you may also have a remedy under the fair trading legislation mentioned above that prohibits misleading and deceptive conduct in trade.

Summing up

As you can see, a range of malicious or otherwise offensive behaviours fall under the banner of ‘negative SEO’. Whilst legal remedies may not be available for all of them, for a good number of them remedies may well be available. Much will depend on the facts of a particular negative SEO campaign, which country’s laws apply and the other dependencies mentioned above. At the same time, the availability of a legal remedy and one’s ability to pursue it are different things. In addition to the dependencies I’ve just mentioned, a victim of negative SEO that wishes to claim damages for loss suffered will need the mental and economic stamina to see a claim through the courts.

If you’ve suffered loss due to a negative SEO campaign and would like to assess your legal options, I suggest you contact an IP/IT/litigation lawyer in your area, preferably one with a good understanding of the web.

Thanks to Gordon Tarpley for the Storm Troopers photo, licensed under a Creative Commons Attribution 2.0 Generic licence.

A reader asks: Taking screenshots and turning them into thumbnails

Published by Richard Best

The question

In the comments to one my posts, a reader left an interesting question, the discussion of which I thought was better off in a new post. Not only does that enable others to see it more easily but taking this path preserves the reader’s anonymity (I haven’t published the comment, for reasons he’ll understand when he reads this post).

The question was this: ‘As a hypothetical, if I create a screenshot of someone else’s website and turn it into a smaller thumbnail, how would this be considered under copyright?’ My comments on this question are below, written as if I was talking directly to the person that asked the question. I don’t limit my comments to a screenshot of someone else’s website. The screenshot might, for example, be of a single photo you see on another site.

Comments

The question you raise is an interesting one. I’ll make some comments but you’ll appreciate that this isn’t legal advice. My standard disclaimer applies. (I’m sure I’ll get tired of saying that after a while… .)

The answer to your question probably depends on the country you’re in, the country’s laws that apply and the circumstances of the generation and use of the thumbnails, including – importantly – whether the original image from which a thumbnail is made is itself a copyright work. I’ll comment on what appears to be the position in three countries to give you a flavour of the differences that can exist on this issue across jurisdictions.

United States

In the United States, in at least two cases the courts have held that the use of thumbnail images was permissible under the fair use defence that exists under US copyright law. The cases are Kelly v Arriba Soft Corp 336 F 3d 811 (9th Cir, 2003) and Perfect 10, Inc. v. Amazon.com, Inc., 487 F.3d 701 (9th Cir. 2007). They both involved image search engines. You can find a brief summary of the cases on the Electronic Frontier Foundation’s website.

Germany

In Germany, the courts appear to have delivered conflicting judgments. In a number of cases, first instance courts have held that a search engine that makes thumbnail images of copyright works to show in its search results is liable for infringing the owners’ copyright. By contrast, the Federal Court of Justice has held to the contrary on the basis of a (potentially questionable) implied consent analysis. Poetzlberger summarises it as follows: “The Court concluded that the uploading of images on the Internet, without taking any technical restrictions to block the image search function, would — from an objective viewer’s perspective — constitute consent in the use of these works” (F Poetzlberger Google and the Thumbnail Dilemma — “Fair Use” in German Copyright Law?; see also B Clark Second BGH decision on Google Image search and
Google image search results do not infringe copyright, says German court).

Australia

I’m not aware of any case law in Australia on this specific issue and I’m not going give my own view as to how Australian courts might decide it. That said, the Australian Copyright Council (ACC) has said this: “If you want to use thumbnail images, you will usually need permission from the copyright owner unless it is clear that the copyright owner is allowing you to use them in a particular way”. The ACC also noted that the fair use defence in the United States “is broader than the fair dealing exceptions currently contained in Australian law therefore the position is likely to be different under Australian law” (see its Information Sheet G116v02, August 2012, Thumbnails; see also Arthur Allens Robinson’s Copyright of ‘thumbnail’ images (August 2003) It’s also relevant to note that the Australian Law Reform Commission has recommended the introduction in Australia of a fair use exception to copyright infringement. If that recommendation were enacted, the position in Australia (assuming the ACC is right) might change.

A practical question

In countries where there is a risk of copyright infringement, there is a practical question to consider, bearing in mind that the use of thumbnails (and screenshots for that matter) is commonplace across the Internet (just think of Pinterest). The question is this: is the owner of the image you’re making a thumbnail of likely to care or might the owner even be happy about it given that it may (if the thumbnail is an image link to the owner’s website) send more traffic its way?

Depending on the context, some people might care, some might not and some might even be happy about it. It’ll likely depend on a range of factors. For example, the owner of a public-facing website of which you’re showing a homepage thumbnail will probably be less concerned than, say, a photographer whose photos you thumbnail or a trademark owner whose stylised logo you thumbnail. At the same time, note that some companies expressly regulate the use of screenshots (and arguably, by extension, thumbnails) in their terms of use. Take a look at Microsoft’s Use of Microsoft Copyrighted Content as an example and compare that with Mojang’s Minecraft End User Licence Agreement.

The answer to this question might, in a particular context, influence whether you’re willing to take a punt, as an Australian might put it. But punt as you may, if you’re infringing copyright under the laws that apply to you, you remain at risk of – at least – a cease and desist letter if the copyright owner discovers it and is unhappy about it. The simple solution in that event would usually be to remove the thumbnail image. Unless you’ve taken a heap of thumbnail images and are somehow exploiting them commercially, I suspect the likelihood of court action will be low. But then again, you never know. The choice is yours. If you want to remove risk altogether, either seek permission from the copyright owner or choose an image that you own or are licensed to use.

Happy thumbnailing.

The GPL and assumptions of automatic inheritance

Published by Richard Best

If you’re in a hurry, you can scream down to the bottom of the page where you’ll find, well, the bottom line.

Here’s the thing

There’s a smallish matter relating to the interpretation and application of the GPL that it might help to clear up. It concerns the topic of the GPL and inheritance. References in this post to the GPL are to version 2 of the GPL.

What we read on the web

When reading various articles on WordPress and the GPL, as well as articles on the GPL in other contexts (such as the Drupal context), it is fairly common to find references to ‘inheritance’, to the effect that ‘a derivative work inherits the GPL’. Here are some examples I’ve come across on the web:

“a derivative work inherits the benefits of the GPL”;
“[d]erivatives of WordPress code inherit the GPL license”;
“[i]f a plugin or theme makes a call to any WP function then that plugin or theme technically falls under GPL. Which pretty much means, any distributing theme or plugin inherits the the GPL regardless if it’s being sold or freely released”;
“if you make a derivative work of GPL licensed code, your derivative will also be licensed under the GPL”;
“[a]ccording to the GPL, code written to interface directly with Drupal (like modules, PHP code in themes, etc.) is ‘derivative work’ and automatically inherits Drupal’s GPL license”;
“GPL requires that any derivative work you release or distribute should be licensed under GPL as well. So while you may have the copyright to do anything you like, your derivative work automatically inherits the GPL license so others are free to use, modify, and redistribute your code in any way they choose”;
“[a]ny logic (PHP code, etc) built on top of WordPress automatically inherits the GPL, as it relies on WordPress. :)”; and
“the reason why plugins are GPL is because they hook into the core WordPress hooks and filters and functions…; by linking core WordPress GPL code, they inherit some of the, what’s called the virality of the GNU public licence”.

Many of these statements seem to assume or imply that a derivative work automatically inherits the GPL while others state explicitly that inheritance is automatic. Whilst these statements are understandable, strictly speaking they are not correct.

What the GPL says

The GPL is a copyright licence and, in essence, it works like this:

you can do whatever you like with the licensed program;
that includes making a work based on the licensed program (i.e., a derivative work);
but any derivative work that you distribute needs to be licensed at no charge to all third parties under the GPL.

The actual wording that the GPL uses is this:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
… .”

Difference between downstream licensing of the original Program and subsequent licensing of a derivative work by its creator

The GPL does not say anything about the entirety of a derivative work automatically inheriting the GPL, and for good reason. A copyright licence between A and B cannot have the effect of actually licensing a derivative work by B under the same (or any other) licence. That is something that B does, not A. What the copyright licence between A and B does – what the GPL does – is require/oblige B to license distributed derivative works under the same licence, i.e., the GPL. Version 2 of the GPL says the licensee “must cause” any distributed derivative work “to be licensed… under the terms of this License”.

Now, it’s important to note that section 6 of the GPL says this:

“6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.”

What I’ve said above is not inconsistent with section 6 of the GPL. What section 6 is saying is that the original licensor is granting a licence over its Program not only to immediate recipients/licensees, but also to anyone who subsequently obtains a copy of the Program or a derivative work based on the Program. This is how the freedoms in the GPL are spread through multiple chains of recipients (the same thing occurs under the ShareAlike variants of the Creative Commons licences). If any downstream recipient makes a derivative work and distributes it, then that recipient is likewise obliged to license the derivative work to everyone under the GPL and, if s/he doesn’t, s/he is infringing the upstream copyright licensors’ copyright.

Note here that a derivative work consists of property owned by the original licensor(s) (let’s call them A) plus new and separate property over the new original parts of the derivative work that are created by B. The derivative work is a distinct copyright work in its own right but B doesn’t obtain property rights that are greater than B’s own contribution. As a US court put it, “[t]he aspects of a derivative work added by the derivative author are that author’s property, but the element drawn from the pre-existing work remains on grant from the owner of the pre-existing work” (Stewart v Abend 495 U.S. 207, 223 (1990)).

There are, therefore, at least two property right components comprising the derivative work. Upstream licensors can grant a licence over the component they own. However, where someone else makes a derivative work with permission (as is the case under the GPL), there is a new separate component owned by the creator of the derivative work. The upstream licensors do not own that new component and, therefore, they cannot license it. This is why a subsequent act of licensing by the person that creates the derivative work is necessary. Everyone already has the permission of the upstream licensors in relation to the upstream licensors’ component because those licensors have already applied the GPL to their copyright work(s), but that alone is not sufficient to license the derivative work as a whole. The GPL ensures that the requirement to license falls upon the creator/owner of the derivative work, but only that creator/owner can actually license the new component that s/he owns.

Because that was a bit of a legal mouthful, I thought it might help to provide a diagram:

Implications

The absence of automatic downstream licensing of the derivative work in its entirety (distinct from the automatic downstream licensing of the original GPL’d work) — the requirement for GPL licensees to actually do something — is important for two reasons.

First, people who wish to comply with the GPL but assume that inheritance of the GPL is automatic may not actually do what is required, when distributing their derivative works, to comply with the GPL. To comply, they need to retain the original notices that came with the Program as they received it and, as the GPL puts it, “cause the modified files to carry prominent notices stating that you changed the files and the date of any change” and “cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License” (clause 2(a) and (b)).
Second, if a distributed derivative work does not include a notice stating that it is licensed under the GPL (either within the program itself or in a readme file or perhaps at the point of release on a website), whether accidentally or deliberately, then the derivative work is not actually licensed under the GPL. If it’s truly a derivative work then it should be, but it isn’t.

In this kind of situation, the person who has made and distributed the derivative work has breached the GPL’s requirements. This has the effect of terminating the licence that the GPL granted to that person, with the consequence that the act of distributing the derivative work is an infringement of copyright.

You can imagine this happening fairly easily in a case where a theme or plugin, for whatever reason, is truly a derivative work and is not distributed via either the WordPress.org theme or plugin repositories or a commercial theme or plugin repository that has similar standards to those of WordPress.org. The distributing developer may not be aware of the GPL’s notice requirements or may choose, for whatever reason, to ignore them.

(There won’t be any problem for themes and plugins hosted on WordPress.org. In the case of themes, the Theme Review Handbook makes it clear that themes must be 100% GPL licensed. Similarly, the plugin submission process requires a plugin’s zip file to include a completed readme.txt file that adheres to the WordPress plugin readme file standard; that standard requires the readme file to state that the plugin is licensed under the GPLv2 or later.)

Things can get messy where a derivative work should be GPL’d but isn’t. People who should be able to use the derivative work under the terms of the GPL are not actually GPL licensed and, therefore, don’t have the legal certainty to do so. To ensure that the derivative work is properly licensed under the GPL, the distributing party needs to be asked to license it with the requisite notice and he or she must actually do so for the derivative work to the GPL-licensed.

Sometimes the distributing party will do exactly that; indeed, in some cases non-compliance with the GPL may have been entirely innocent. But in other cases the distributing party may disagree that the GPL needs to be applied (given, for example, legal uncertainty as to application of the GPL at the margins) or believe that it needs to be applied but refuse to do so for commercial or other reasons (I’m not suggesting this is commonplace). If, for whatever reason, he or she refuses to do so, and someone wants to force the issue, pressure would need to be added to the mix, either through community involvement or court proceedings.

Bottom line

The bottom line is this: GPL inheritance – the obligation to license distributed derivative works with the GPL – is not automatic. Downstream licensing is required but to put it in place the distributing derivative author has to do something, namely, include a notice with the distributed derivative work stating that the work is licensed under the GPL (as described in more detail above).

WordPress themes, the GPL and the conundrum of derivative works

Published by Richard Best

Now, I know what some readers may be thinking – ‘not another post on the GPL/theme debate’ – but I could hardly write a blog on WP and legal stuff without considering the issue and I hope there’s a point or two in here that at least some people won’t have read before. And no, I don’t try to assert that there’s a single definitive answer.

Meet ‘theme’

In the beginning (of WordPress that is) there was no separate theming system as we know it today. Rather, the theming system that we now know and love was added in version 1.5 (“Strayhorn”), in February 2005, and has been enhanced numerous times since then.

Today, the humble theme – responsible for the layout, look and feel of a site – is a key and swappable component of virtually every WordPress installation and, as most WordPress users know, for those who don’t wish to develop their own theme there is a dazzling array of readily available themes to choose from.

A handful of Genesis themes at StudioPress

Evolution of commercial themes and their licensing

As WordPress became more and more popular and as people began to see and leverage its value, it was inevitable that new business models would emerge. One such business model was the development and sale of premium/commercial themes.

Turning to the topic of licensing (and putting what the GPL may require to one side for now), the owners of such businesses could license their themes:

in their entirety under the GPL;
partly under the GPL and partly under an alternative licence; or
in their entirety under an alternative licence.

Early adopters of full GPL model

In the early days, commercial themes were not licensed under the GPL. That began to change in 2008 when Brian Gardner adopted the full GPL model for his Revolution themes (a good number of which I purchased). I distinctly remember his change in approach. It was a big deal at the time.

Brian Gardner’s Revolution themes site, which would later evolve into StudioPress

Many others followed suit, including well-known commercial theme providers like WooThemes, GraphPaperPress and Elegant Themes. At the date of writing this post, the commercial section in the WordPress.org themes directory listed 69 commercial theme providers (a number which does not seem to include all of them) who provide themes that are fully-licensed under the GPL.

Controversy and “GPL non-compliant” models

Not all commercial theme providers applied the GPL to their themes. Some applied their own proprietary licences. This ultimately resulted in an eruption of controversy in certain parts of the WordPress community as to the application of the GPL to WordPress themes. Perhaps the most publicised and memorable instance of this was DIY Themes’ initial proprietary licensing of its Thesis theme. The developer of Thesis disagreed strongly that the GPL required Thesis to be GPL-licensed while Matt Mullenweg and others argued strongly (yet, for the most part, calmly) that the GPL required just that.

The title of a post on TheNextWeb sums up just how heated the debate became: “WordPress and Thesis Go to Battle: Mullenweg May Sue”. Matt even tweeted that he would buy people a GPL’d premium theme instead of their buying Thesis. Chris Pearson and Matt debated the issue on Mixergy, with Mixergy’s owner Andrew Warner doing his best to play the role of mediator. The video of that debate is still available today (the day I write this at least) on TheNextWeb at the link above. Listening to it reveals deeply held views as to which position was correct. Matt’s earlier (and consistently held) positions can also be heard in a video on this topic on WordPress.tv: Matt Mullenweg: WordPress and the GPL.

On an expansive view of the GPL, which of the three models are considered to be GPL-compliant?

I’ve mentioned three possible licensing models above. Listening to the Pearson/Mullenweg debate might make you think there is only one option: that a WordPress theme, when distributed, needs to be licensed in its entirety under the GPL or will be non-compliant with the GPL conditions applying to WordPress itself. But even on what some would say is an expansive view of the GPL’s requirements, that doesn’t seem to be the case. Enter the Software Freedom Law Center.

Software Freedom Law Center opinion

In 2009 Matt sought a legal opinion on the GPL/theme issue from the Software Freedom Law Center (SFLC). You can find it in his post of 2 July 2009, Themes are GPL, too. Matt summarised the SFLC opinion in one sentence: “PHP in WordPress themes must be GPL, artwork and CSS may be but are not required.”

For me, the essence of the opinion is found in these two paragraphs:

“On the basis of that version of WordPress, and considering those themes [that is, the classic and default themes] as if they had been added to WordPress by a third party, it is our opinion that the themes presented, and any that are substantially similar, contain elements that are derivative works of the WordPress software as well as elements that are potentially separate works. Specifically, the CSS files and material contained in the images directory of the “default” theme are works separate from the WordPress code. On the other hand, the PHP and HTML code that is intermingled with and operated on by PHP the code [sic] derives from the WordPress code.

…

In conclusion, the WordPress themes supplied contain elements that are derivative of WordPress’s copyrighted code. These themes, being collections of distinct works (images, CSS files, PHP files), need not be GPL-licensed as a whole. Rather, the PHP files are subject to the requirements of the GPL while the images and CSS are not. Third-party developers of such themes may apply restrictive copyrights to these elements if they wish.”

So, if one accepts the SFLC opinion, there are two GPL-compliant licensing models for distributed WordPress themes:

licensing a theme in its entirety under the GPL; or
applying a “split licence” to the theme (under this licence, the PHP code and integrated HTML are covered by the GPL with the rest of the author-created components (such as the CSS and images) being covered by alternative and usually proprietary terms).

The corollary is that commercial themes that are licensed on an alternative basis are GPL non-compliant.

(The split licensing model is the approach that has been adopted for the vast majority of WordPress themes on ThemeForest (which, for most practical purposes, usually limits use of the theme to one site), despite the fact that it’s now possible for a ThemeForest theme author to apply the GPL to a theme in its entirety. It has also been adopted by a number of other commercial theme providers.)

The million dollar question

But the million dollar question remains: was the SFLC’s conclusion regarding application of the GPL to WordPress themes correct? How did the SFLC come to the conclusion it did and is it necessarily correct that a premium theme must be at least split-licensed? This is a significant question as it seems that, for many, the SFLC opinion has become something akin to ‘GPL/theme gospel’.

The SFLC’s opinion has been written in fairly approachable and succinct terms that make it easy to read. The cost of such brevity is that it does not address key aspects of applicable copyright law in any detail. Rather, a particular version of applicable law appears to be assumed. This has not been lost on certain sections of the WordPress community. There have been some vocal disagreements with the SFLC opinion.

In discussing this broad question, I’m going to try to unpack things a little so as to put the debate in what I consider to be its correct legal context.

Cart before horse

If we stand back for a moment from the SFLC opinion and consider the debate more broadly, we can see that many discussions and views as to why WordPress themes need to be GPL-licensed (either completely or in part) have launched straight into the question of whether a theme is “derivative of WordPress” or “derived from WordPress” and why, technically, that is believed to be so, without any real discussion of the applicable copyright law and what it means in legal terms for something to be a derivative work (or, in other words, what the legal test for a derivative work is). This, with respect, is to put the cart before the horse. The discussion can become technical, philosophical and/or emotional but without proper appreciation and application of the governing legal principles.

Correct approach

To analyse the situation correctly, I think one needs to identify the relevant area of law, explain the applicable aspects of that law and how they relate to the terms of the GPL, and then apply that law and the terms of the GPL to the issue in question. (Please note that I’m not saying that the SFLC didn’t do this. Their opinion will, in all likelihood, be the output of a longer and more involved analysis behind the scenes.)

Relevant area of law

The relevant area of law is copyright law. Some have argued that the GPL is (also) contractual but that is unlikely to be the case, at least in common law jurisdictions (see, for example, P Jones The GPL is a License, not a Contract, 3 December 2003; Software Freedom Law Center Guide to GPL Compliance, 2nd Edition, 31 October 2014, pp. 16-17).

So, we’re focusing now on questions of copyright. WordPress, as an overall software program consisting of a set of files (including in my view its default themes which come bundled with it), is a copyright work, either as a complete set of code or as a compilation of component files. The owners of the copyright are numerous. Ownership does not lie with a single person or entity. It lies with its contributors. (The WordPress Core Contributor Handbook states that, “[a]s a contributor, you retain the copyright to your code, however by submitting it to trac you are releasing it under the GPLv2”.)

Simple summary of applicable aspects of copyright law

It is because WordPress is a copyright work that people need permission to copy it or modify it or distribute it. In many if not most legal systems, these acts are restricted acts that can only be exercised by the copyright owner(s) unless permission is granted allowing these acts to occur (or unless there is a statutory defence to infringement). This is where the GPL comes in. It is the means by which all the component parts of the WordPress software can be licensed under a common licence that allows copying, modification and distribution. In other words, the GPL is the means of granting permission for acts which would otherwise by prohibited as a matter of copyright law.

On a copyright analysis, it is vitally important to appreciate that the freedoms granted by the GPL are only required by people building something that will work as part of, with, or on top of WordPress (such as a theme or plugin) when, in copyright law terms, they are doing a restricted act. The most relevant restricted acts are copying the licensed program or a substantial part of it, modifying it (i.e., creating a derivative work) and distributing it. If a person’s actions do not constitute a restricted act, the person is not constrained by copyright and – significantly – is not bound by the terms of the GPL that require downstream GPL licensing upon distribution or publication of a work that “contains or is derived from the Program or any part of it”.

Copyright-related issues

It follows that the broad copyright-related issues that arise when a person develops a WordPress theme for distribution are (or at least include) these:

1. Does the creation and distribution of the particular WordPress theme involve what copyright law would characterise (by reference to the copyright and GPL’d WordPress software) as one or more restricted acts?

2. If the answer is no, the copyright analysis ceases. But if the answer is yes, is there any defence to what would be an actionable copyright infringement where the theme is developed and distributed without permission from the copyright owners?

3. If the creation and distribution of the WordPress theme does involve a restricted act and there is no defence, permission to undertake the relevant act(s) is required. This, in turn, requires adherence to the GPL and that, in turn, raises the question as to what the GPL requires, in the particular circumstances, as to downstream licensing.

WordPress theme development and restricted acts

As noted above, in many if not most legal systems, restricted acts include copying a substantial part of a work or making a derivative work (a work based on the original work). In the context of WordPress themes and the GPL, most of the argument usually centres on whether a derivative work has been made. This is because the GPL share-alike requirements turn (for the most part) on the existence of a distributed modification/derivative work. (We can put mere copying (of all or a part) of WordPress, without distribution, to one side as the GPL expressly allows this without limitation.)

The derivative work question

Before I get into the guts of this issue, I should note that there is a preliminary question as to whether the GPL’s downstream licensing obligation only applies to “derivative works” in orthodox legal terms as opposed to potentially broader wording in the GPL itself. If a broader test applies, the propagation requirements of the GPL would kick in more easily (making it easier to argue that themes are caught by the GPL), but many commentators consider it reasonably clear (and I tend to agree) that the GPL’s authors were focusing on derivative works in orthodox legal terms. (For a far more erudite discussion of this point, see L Determann’s Dangerous Liaisons – Software Combinations as Derivative Works? – Distribution, Installation, and Execution of Linked Programs under Copyright Law, Commercial Licenses, and the GPL (2006) 21 Berkeley Tech LJ 1421. See also L Rosen Open Source Licensing: Software Freedoms and Intellectual Property Law (2004), chapter 6, page 120.)

If we turn now to the SFLC opinion, how does it deal with the derivative work question? It states in strong terms that at least the PHP components of a theme “are derivative of WordPress” but the analysis appears to be based primarily on a technical linking/interdependence or communication analysis, on the assumption that that is the accepted legal test in this context. This is the point that lies at the heart of the debate, as the legal correctness of this approach to ascertaining whether there is a derivative work (i.e., as a matter of copyright law) is not universally accepted. It has, for example, been strongly debated in both the US and the UK (see, for example, L Rosen’s 2003 article When is one program a “derivative work” of another? and A Katz’s 2007 article GPL – The Linking Debate (available to members of The Society for Computers and Law)).

Those who argue that the above approach doesn’t reflect current (US) copyright law note the statutory definition of “derivative work” and what some courts have said must exist for a work to be derivative of another. 17 USC 106(2) defines “derivative work” as:

“‘derivative work’ is a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications, which, as a whole, represent an original work of authorship, is a ‘derivative work’.”

Commentators have observed that “courts have determined that to be derivative, a computer program must be substantially similar and in some form include a portion of the copyrighted work” (M Valimaki’s GNU General Public License and the Distribution of Derivative Works [2005] JILT 6 (2005) at para 3.1).

This “test for derivative work” issue is perhaps the most complex and controversial aspect of the GPL in practice. Developers, affected businesses, their lawyers and interested academics all have and are entitled to their opinions, but there are almost as many opinions as there are theme shops because a range of different arguments can be made (see and compare, for example, Valimaki (cited above), T Gue’s Triggering Infection: Distribution and Derivative Works under the GNU General Public License (2012) (1) Journal of Law, Technology & Policy 95, C Bennett’s WordPress Themes, GPL, and Copyright Case Law post from 2010, and P Enrique’s 2014 piece WordPress is GPL, must your plugin be as well?).

Who is right?

So who is right? Well, I like the words of Van Lindberg in his book Intellectual Property and Open Source: A Practical Guide to Protecting Code (O’Reilly, 2008), a book that Professor Lawrence Lessig has described as “clear, correct and deep”. Van Lindberg says this (I like the honesty of the bit I’ve emphasised):

“… there is a persistent issue that won’t go away – whether linking programs together creates a derivative work. If linking creates a derivative work, the GPL applies to the linked program; otherwise, the GPL doesn’t apply.
…
In legal practice, this arises as a common concern of clients just getting into open source. This questions is usually phrased as either, ‘Can I load and use a GPL-licensed library without applying the GPL to my application?’ or, ‘Do I have to apply the GPL to my plug-in for a particular program if that program is licensed under the GPL?’
…
I won’t keep you in suspense; the short answer is that we don’t know. For a longer, perhaps more satisfying answer you can skip to the end of the chapter [where he expresses some opinions], but this is a very complicated question.”

Gue makes a similar comment:

“Commentators diverge widely as to whether dynamic linking creates a derivative work. The inconsistency is so great that one commentator has lamented that ‘there appear to be no definitive answers to the question of what constitutes a derivative work under the GPL, not even from the holders of the license in question.’”

The reason we don’t truly know the answer is that the courts haven’t decided a case that is squarely on point (there are potentially analogous cases, of course, but – as far as I’m aware – no GPL or similar case directly on point). It is only the courts (in the absence of legislative intervention) that can finally determine the matter. Courts might apply what some might say are orthodox notions of what it means for something to be a derivative work or they might incrementally (some might say dangerously) develop the law on this point but we just don’t know. And even if the courts of one country made a definitive ruling on the point, courts in other countries – where other lawsuits might be commenced – could decide differently. As a result, uncertainty remains.

Don’t assume equivalence

I should make another point, and that is that not all themes (or plugins) are made equal. So far as themes are concerned, we might need to consider different kinds of scenarios, such as:

a Thesis-style scenario where, apparently, lines of code were copied directly from WordPress (something I can’t personally confirm);
another scenario where someone takes the latest default theme bundled with WordPress (which must be under the GPL) and then modifies it and distributes it; and
a more complicated scenario where there is no copying of the GPL’d WordPress code at all (assuming, in practical terms, that that’s possible).

The legal conclusions across these three scenarios could be different. I think we need to recognise that.

To what extent does it really matter?

All the above said, and whilst having reasonable certainty as to the application of the GPL to premium themes is desirable, I suggest that, for practical purposes, it is not by itself decisive as to whether a theme owner may wish to GPL-license (or at least GPL split-license) its theme. In other words, the relevant considerations are not only legal ones. Let me explain.

The core WordPress team confers practical benefits on the providers of full-GPL’d premium themes (e.g., promotional blog posts and a listing in the commercial section of the themes repository) while (at least historically) showing a perhaps surprising level of ‘displeasure’, shall we say, not only towards those who do not release premium themes under a GPL licence at all but also (at one time) to those who only apply a split licence (despite this being consistent with the SFLC opinion). Admittedly some years ago now, that displeasure took the form of, for example, online criticism and rejection of ThemeForest members from a WordCamp (see J Caputo’s Automatically Blackballed and Un-Blackballed).

I think the GPL/theme debate has reached the stage where it’s fair to say that a significant proportion of the WordPress community now frowns upon premium theme providers who either don’t GPL-license at all or (probably to a lesser extent) split-license their themes. That mightn’t be good for business and that, for some, may be the bottom line. For some people, this frowning may be caused by a particular view of what the GPL requires but for others – and I think this is a particularly important point – it may be caused by a recognition of the enormous opportunities that WordPress makes possible and the open source spirit and generosity that pervades much of the WordPress community. I think we’ve reached the stage where, for some people, this is more about a community norm than it is about a strict reading of the GPL (not to mention the tedium of listening to more and more competing GPL arguments when, ultimately, only a court can decide).

The counter-argument to my point above, that not applying the GPL could be bad for business, is that GPL-licensing will encourage on-selling of themes by those who didn’t design them to the detriment of the theme designers. This counter-argument doesn’t appear to carry much weight. It’s true that such activity does occur but, generally, on-sellers cannot provide the support and upgrades that the premium theme developers provide. That is often what people pay for. This is a point that Matt has made repeatedly. At least in my own experience as a purchaser of many premium themes and plugins, I think he’s right.

One last thing…

The GPL/WordPress theme debate has fueled all sorts of comment, discussion and, at times, acrimony. After much of the 2009/2010 debate had aired, Mark Jaquith (a lead WordPress developer) stepped in on 17 July 2010 with Why WordPress Themes are Derivative of WordPress, a post that, at least from a technical perspective, sounded compelling. It certainly made me think and probably resulted in the loss of further brain cells as I tried to assimilate his helpful and well-crafted words into the morass of competing arguments. Mark’s firm view was that themes were derivative of WordPress:

“It is the position of the WordPress core developers that themes cannot be considered wholly original creations even when they don’t copy large sections of code in from WordPress. Theme code necessarily derives from WordPress and thus must be licensed under the GPL if it is distributed.”

I almost fell of my seat, then, when I discovered Enrique’s January 2014 piece WordPress is GPL, must your plugin be as well? In this post, Enrique strongly contests the view that plugins must be GPL’d as well. The only comment made on the post appears to have been made by Mark Jaquith himself. Assuming the comment is genuine, this is what he said:

“Very well argued. My thinking on this matter has evolved since I wrote my post, 3+ years ago. The thing about the GPL is that it is a legal hack. For it to work, it relies on legal concepts like what constitutes a derivative work. And while some plugins could unambiguously be derivative works, I no longer think they must necessarily be so, and I suspect the majority would not be considered derivative works (by a US court, at least). Same goes with themes with the caveat that themes are more likely to contain code lifted from WordPress, so they might veer towards derivation more often than plugins do.”

I was surprised to read this and it doesn’t mean the issue has gone away but, to me, it speaks of pure honesty and integrity. It recognises that not all themes are created equal. And it recognises the important role that the courts have to play. That’s all I have to say.

The legal risk of continuing to email someone who unsubscribes from your email list

Published by Richard Best

Let’s set the scene

In all likelihood, and for good reason, WordPress is the most popular blogging tool/CMS for those who wish to engage in online content marketing with a view to building an email subscriber list and sharing valuable content with those who have subscribed. These days, there are countless integrations between WordPress and email campaign providers like MailChimp and Aweber, it’s easy to enable social sharing, membership sites can be built with WordPress fairly easily, it’s easy to enable digital downloads, the list goes on.

For this reason, many WordPress users will be collecting email addresses, sending email newsletters and campaigns, and so on.

I turn now to Pat Flynn’s superb Ask Pat podcast, a spin-off of his Smart Passive Income blog and podcast. I do that because it was an episode of his podcast that gave me the idea for this post (thanks Pat). For those who don’t know, in his Ask Pat podcast, Pat takes recorded questions from members of his audience and answers them in the podcast.

In episode #212, John (a member of Pat’s audience) asked about following up with individuals who unsubscribe from your email list or podcast. Understandably Pat explained his view that, when people unsubscribe, that means they don’t want to receive any more emails and so to follow up with them with another email doesn’t make sense. I couldn’t agree more with Pat’s view. It’s just not a civilised thing to do. But some people do it nevertheless.

The risk those people run

In many countries, there’s another potential reason, a legal reason, not to do this. The potential reason is that continuing to email someone who has unsubscribed could result in your breaching anti-spam laws. That, in turn, could result in the unsubscribed getting stroppy with you (they might even bad-mouth you about legislative non-compliance on Twitter or Facebook) or complaining to whatever agency or authority enforces your anti-spam laws.

Not every country in the world will have anti-spam laws but a good number do. See, for example, this list on Wikipedia and this list maintained by MailChimp. In many if not most countries, the focus is on unsolicited commercial electronic messages or unsolicited direct marketing (e.g., New Zealand, Australia, United States, United Kingdom, Canada). In some countries, the primary purpose of the message needs to be commercial (e.g., the United States’ CAN SPAM Act; on this point see the Federal Trade Commission’s CAN-SPAM Act: A Compliance Guide for Business). In others (such as Australia, Canada and New Zealand) it suffices if a purpose (i.e., one of the purposes) is commercial. Messages can be commercial in nature, for example, when they are offering, advertising or promoting goods or services. This would include, for example, emails that promote the sale of ebooks, online courses, commercial themes and plugins, or WordPress consulting services.

Some countries have adopted an opt-out approach to their anti-spam laws, under which a business can send commercial messages unless the recipient informs the sender that it no longer wishes to receive them (United States). Others have adopted an opt-in approach, under which commercial emails can only be sent to people who have consented to receiving them (which in many countries can be actual or implied/inferred) (e.g., Canada, Australia, New Zealand, United Kingdom, other European Member States).

Now, here’s the important point: when a person unsubscribes from your email list, that person will be opting out or withdrawing consent previously given. To continue sending commercial emails to that person would amount to your sending unsolicited commercial messages which, in turn, would likely result in your acting unlawfully.

For example:

section 5(a)(4) of the US CAN SPAM Act 2003 states that ‘if an email recipient makes a request using an unsubscribe mechanism not to receive some or any commercial electronic mail messages from a sender, then it is unlawful for the sender to initiate the transmission to the recipient, more than 10 business days after the receipt of such request, of a commercial electronic mail message that falls within the scope of the request’;
under section 9(2) of New Zealand’s Unsolicited Electronic Messages Act 2007, ‘if a recipient uses an unsubscribe facility…, the recipient’s consent to receiving a commercial electronic message from the sender is deemed to have been withdrawn with effect from the day that is 5 working days after the day on which the unsubscribe facility was used’; and
under section 11(3) of Canada’s Anti-Spam Law, a person who sends a commercial electronic message must ensure that effect is given to an unsubscribe indication ‘without delay, and in any event no later than 10 business days after the indication has been sent, without any further action being required on the part of the person who so indicated’.

So there you have it. In many countries Pat’s sense or what’s right and wrong is entirely consistent with, and is buttressed by, legal prohibitions on sending unsolicited commercial messages, or spam for short.

Using the WordPress trademarks for your business, product or service

Published by Richard Best

Introduction

If you’re a budding WordPress developer, designer or entrepreneur, you may be whipping up a creative storm and readying it for release. It might be a theme shop, a Gravity Forms-quality plugin, a WordPress-tailored hosting environment, a WordPress support agency or an app-making platform. The product or service is nearing release and you’re amping to “get it out there”. You love WordPress and you want to sing its praises from the rooftops, including in some way in the naming, description or marketing of your product or service. What better way to access your target audience than by using “WordPress” and its associated marks left, right and centre. Right?

Well, before you go using the WordPress name and logo in your naming and marketing, you might want to note that Automattic Inc and (more significantly now) the WordPress Foundation have a bunch of trademarks. Make sure you stay on the right side of the line of what’s permitted and what’s not. To help you understand all this, I’ll explain what a trademark is, Automattic’s and the WordPress Foundation’s WordPress trademarks, the enforcement of trademark rights, Automattic’s transfer of certain trademarks to the WordPress Foundation and key aspects of the Foundation’s Trademark Policy.

What is a trademark?

A trademark is, in essence, a brand or logo. Trademarks enable businesses to distinguish their products and services and to create a distinctive and hopefully memorable brand that customers associate with those products and services.

Thanks to John Eckman for sharing this photo under a CC BY-SA 2.0 Generic licence.

Trademarks can include, for example, words, logos, colours and shapes or a combination of these things. Although registration is not mandatory, it has several advantages. As the United States Patent and Trademark Office explains, these advantages include “notice to the public of the registrant’s claim of ownership of the mark, legal presumption of ownership nationwide, and exclusive right to use the mark on or in connection with the goods/services listed in the registration”. In many countries, having a registered trademark for your product or service usually provides you with greater or more readily enforceable rights than you might otherwise have for your product or service. Trademarks can be valuable business assets.

Automattic Inc’s WordPress trademarks

Thanks to Scott Beale for sharing this photo under a CC BY-NC-ND 2.0 licence.

Thanks to Scott Beale for sharing this photo under a CC BY-NC-ND 2.0 Generic licence.

Automattic Inc was formed in 2005 (you can find the Delaware corporation’s details by searching on “Automattic” at https://delecorp.delaware.gov/tin/GINameSearch.jsp). Over the years, Automattic has registered (or sought registration for) at least the following WordPress-related trademarks (it has also applied to register trademarks for the likes of JETPACK and CODE POET but I don’t list them here):

WORDPRESS, as a word, in relation to “[d]ownloadable software program for use in design and managing content on a website” (serial number 78826938, filed on 1 March 2006 and registered on 23 January 2007);
WORDPRESS, as a standard character mark, in relation to “[d]ownloadable software program for use in design and managing content on a website” (serial number 78826734, filed on 1 March 2006 and registered on 23 January 2007);
W WORDPRESS, the current word mark/logo consisting of the stylised W and WordPress, in relation to “[d]ownloadable software program for use in design and managing content on a website” (serial number 78826938, filed on 1 March 2006 and registered on 23 January 2007); and
W, the stylised W word mark/logo, in relation to “computer software for use in design and managing content on a website and enabling internet publishing” (serial number 85023661, filed on 26 April 2010 and registered on 5 July 2011);
JETPACK WORDPRESS.COM (serial number 86233988, filed for registration on 27 March 2014; according to TESS (see below), this one was abandoned in October 2014).

(You can find the United States Patent and Trademark Office’s records of the trademark filings at the United States Patent and Trademark Office’s Trademark Electronic Search System (TESS).)

Enforcement of rights

In the early days of WordPress, it was fairly common for WordPress advocates and budding WordPress entrepreneurs to use the name “WordPress” in their domain names, site names and even business names, regardless of this being inconsistent with Automattic’s rights in the name.

Automattic sought to put a stop to that fairly early on, as it was perfectly entitled to do. For example, a blog post by Andy Wibbels in October 2006 records the text of an email that an employee of Automattic Inc is said to have sent to a site owner that was using “WordPress” in its domain name and product without permission. Automattic is said to have asked the recipient to stop using its trademark to market the recipient’s services and to have asked how long it would take the recipient to change the name of its site and product (see WordPress is a Registered Trademark of Automattic, Inc).

More recently WPTavern’s Jeff Chandler has also explained, in a helpful post on the subject in which he reproduces an email exchange with someone who unwittingly used “WordPress” in its domain name, that he “usually send[s] out a friendly email to anyone violating the trademark as it’s best to deal with it early versus having that domain be established” (see Friendly Reminder About The WordPress Domain Trademark, 20 July 2013).

Transfer of WordPress trademarks to the WordPress Foundation

Thanks to Eva Blue for sharing this photo under a CC BY 2.0 Generic licence.

On 9 September 2010, Matt Mullenweg announced that Automattic had transferred the WordPress trademark to the WordPress Foundation, “the non-profit dedicated to promoting and ensuring access to WordPress and related open source projects in perpetuity”. As Matt noted on his blog, this meant that the most central piece of WordPress’s identity had become fully independent from any company.

This was, as Matt noted, a pretty dig deal, as Automattic – a commercial organisation – had donated one of its most valuable assets and ceded control of it to a non-profit organisation.

Why did Automattic do this? This wasn’t, after all, the approach that most commercial enterprises would take to a valuable business asset. The answer to why Automattic did it is this: it was in the best interests of the wider WordPress community. This is how Matt put it:

“Automattic might not always be under my influence, so from the beginning I envisioned a structure where for-profit, non-profit, and not-just-for-profit could coexist and balance each other out. It’s important for me to know that WordPress will be protected and that the brand will continue to be a beacon of open source freedom regardless of whether any company is as benevolent as Automattic has been thus far.”

(For earlier encouragement for Automattic to do this, see F Branckaute’s Automattic, Inc: The Time To Return WordPress To The Community Has Come, 13 July 2007) . I don’t know whether that encouragement was relevant to Automattic’s decision.)

Cool, so I can use the WordPress trademark right?

Steady on… not so fast. If you want to use a WordPress trademark you’ll need to make sure you comply with the WordPress Foundation’s Trademark Policy. The key points to note are these:

You need to obtain permission from the WordPress Foundation to use the WordPress or WordCamp name or logo as part of any project, product, service, domain or company name (the Policy explains the circumstances in which the Foundation will grant permission).
Do not use WordPress or WordCamp as part of a top-level domain name. (If you look at the separate Domains policy, you’ll see that the primary concern is with top-level domains. That page states that “‘WordPress’ in subdomains is fine, like wordpress.example.com”. It should follow, I would have thought, that using “wordpress” in a subfolder, e.g., example.com/wordpress, is equally fine.)
The Policy allows you to use the WordCamp name and logo in the following situations: you are using the logo on the official site for a WordCamp that has been approved by WordCamp Central or you are using a graphic provided by a WordCamp to promote the event or the fact that you are attending, speaking, volunteering, or sponsoring the event.
All other WordPress-related businesses or projects can use the WordPress name and logo to refer to and explain their services, but they cannot use them as part of a product, project, service, domain, or company name and they cannot use them in any way that suggests an affiliation with or endorsement by the WordPress Foundation or the WordPress open source project. This is an important distinction to grasp. The WordPress Foundation is saying that, whilst you cannot use WordPress as part of a business / product / service name, you can use it to describe the business / product / service. The Policy provides these helpful examples:

“For example, a consulting company can describe its business as ‘123 Web Services, offering WordPress consulting for small businesses,’ but cannot call its business ‘The WordPress Consulting Company.’ Similarly, a business related to WordPress themes can describe itself as ‘XYZ Themes, the world’s best WordPress themes,’ but cannot call itself ‘The WordPress Theme Portal.'”

Similarly, it’s OK to use the WordPress or WordCamp logo as part of a page that describes your products or services, but it is not OK to use it as part of your company or product logo or branding itself.
The abbreviation “WP” is not covered by the WordPress trademarks, meaning people may use as they see fit. (This is why you’ll see WP being used in so many different ways across the WordPress ecosystem, e.g., WPTavern, WPMU DEV, WP Engine, WP Elevation, Wpshower, WP Valet, WP and Legal Stuff, and so forth. The same can be said for the word “Press”, e.g., StudioPress, WerkPress, TablePress, Marketing Press, AppPresser and so on.)
When in doubt, contact the WordPress Foundation (or a trademark lawyer) for clarification (something which, perhaps, some of the companies listed on Open Corporates with “WordPress” in their name should have done or may wish to do).

Just one other thing. When you are allowed to and wish to use a WordPress logo, make sure you use the right one. You can find them at wordpress.org.

The GPL and the story of WPScan and Vane

Published by Richard Best

The debate

By now, many in the WordPress community will have heard about the WPScan/GPL debate. Personally I was a bit late to the party on this one but, thanks to a tweet from ManageWP this morning, I’ve now read a bit about it.

I’m not expressing a legal conclusion

Now, I don’t want to wade into this specific debate and try to express a legal view on what’s right and wrong here because I don’t know the facts well enough. Instead, I’m just going to state a few propositions that I believe reflect copyright law (in many countries) and the requirements of the GPL. I leave open how they might apply to this situation and, to be clear, I’m not providing any legal advice to anyone that reads this post. My usual disclaimer applies (I know that sounds a bit OTT but I’m just exercising a lawyer’s caution).

The propositions

So, without further ado, here are those propositions I mentioned:

Sole copyright owner can do what she wants: A person (or company), lets call her A, that owns all copyright in a new work (such as a software program) is entitled to release that work under whatever licence or licences she chooses. (The words “all copyright in a new work” are important, as we’ll see below.)

Multiple licensing is OK: A may license this work (one in which she owns all the copyright) under the GPL or under a proprietary licence or both. Applying the GPL to the work does not prevent A from subsequently licensing the work under a different licence. This is because she is the owner and because she has not, by licensing it earlier under the GPL, granted an exclusive licence which would otherwise prevent her from licensing it to others by alternative means. As the sole owner of the copyright work, she has the exclusive right to do ‘restricted acts’ (acts such as copying, adapting and distributing the work, and licensing others to do these things) as she pleases.

Recipients of GPL’d version get the GPL freedoms: At the same time, anyone who obtains the work under the GPL is entitled to exercise the freedoms that the GPL confers in relation to the GPL’d version. The existence of a different licence over another version (regardless of whether the content is the same) is irrelevant.

A continues development as owner, not licensee: When A, the owner, continues development on her own work that she has GPL licensed, she is not making a derivative work of someone else’s copyright work. If she was, she would be obliged to obey the GPL’s downstream licensing requirements. But she is not. She is adapting her own work. Let’s look at the language of version 2 of the GPL. The (in)famous clause 2(b) says this:

“2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
…
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.”

This is an obligation cast on licensees by the licensor, A. The “You” in this clause refers to licensees, not the licensor (A).

But if A’s work is a derivative work of a GPL’d work, the GPL licensing requirements kick in on distribution: However, things can get trickier than this. If the work in question is actually a derivative work of someone else’s, or other people’s, GPL’d work, A (in this discussion) would be a licensee. She needs a licence to make that derivative work. The GPL authorises this but on the clear condition that her derivative work, when distributed or published, contains the GPL licence statements and is licensed for use by others under the GPL. Now, to the extent that she develops her own original code, she is the owner of that code, but the derivative work actually consists of two copyright components: the original GPL’d work (or part of it) and the new code. A does not obtain property rights in the derivative work that are greater than her own contribution. If she doesn’t obey the GPL’s requirements, her distribution of her derivative work becomes an infringement of the original owner’s copyright.

What if A’s solely owned GPL’d work is contributed to by developers who license their contributions under the GPL? What about the scenario where A’s work, when initially licensed under the GPL, contained only A’s code (and couldn’t be said, for argument’s sake, to be a derivative work) but is subsequently contributed to by other community members (let’s call them B, C and D) who, because they’re contributing to GPL’d code, license their contributions under the GPL. Assuming that these contributions qualify for copyright, the resulting work is now a collection of different property rights. No longer can A be said to be the sole owner of the resulting work. At this point, A’s ability to license the resulting work under whatever licence she chooses, when she distributes or publishes the resulting work, falls away. It falls away because, as she is now a co-contributer (even if the primary one), she is bound by the obligations cast on her under the GPL by B, C and D in their position as licensors. Going back to the wording of clause 2(b), she is now a “You” and, as a result, must “cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License”. The “Program” here is B’s contribution. And C’s contribution. And D’s contribution. The ‘resulting work’ I mentioned above now contains the Programs of B, C and D (or, perhaps in some cases, parts of them). A can still license her original work (i.e., without B, C and D’s contributions) under any licence she chooses, but the same does not apply to the resulting work that contains B, C and D’s contributions.

What if A’s solely owned GPL’d work is contributed to by developers who assign copyright? But wait, there’s another scenario. It’s the same as the previous scenario but, instead of B, C and D licensing their new original contributions under the GPL, they are required by a contribution agreement to assign any copyright in their code to A upon submission. In this scenario, A remains the owner of all copyright in the resulting work. Because she remains the sole owner, she can continue to license the resulting work under whatever licence she likes.

What if Mr X obtains GPL’d version 1 but A licenses version 2 under a proprietary licence? Now, what is the position where A licenses version 1 under the GPL, A subsequently decides to apply a proprietary licence to version 2 of the work in circumstances where she can as full copyright owner, and a developer, let’s call him Mr X, wants to copy and adapt the original GPL’d work and then sell it. Mr X is perfectly entitled to do so and it would be quite wrong (in my view, anyway, and certainly from a legal perspective) to castigate Mr X as a pariah or anything of the sort. If you play in the GPL sandpit you need to understand the sand it contains, what you’re getting into and what licensees are entitled to do when they’re in there with you. A’s act of subsequently applying a different, proprietary licence to version 2 of the work (either a version with the same content or a truly new version) does not have the effect of revoking the GPL that applied to the original work. The GPL is generally considered to be irrevocable which means that anyone who obtains a copy of a GPL’d work may exercise the freedoms that the GPL grants, subject only to complying with its conditions.

What if Mr X took a newer version licensed under a proprietary licence? If, in this same general scenario (i.e., where A owns all the copyright), Mr X took a newer version of A’s software that was only licensed under a proprietary licence, and sought to use it in a way that went beyond the permissions in that licence, Mr X would be infringing A’s copyright.

Let’s close

I think that’s enough for now. I hope it’s helpful and doesn’t ignite further flame wars. Let’s not forget that we’re all here together on this pale blue dot, a dot that has more web-related and open-sourced opportunities for us all than it did before Michel Valdrighi, Matt, Mike Little and the many others got stuck into WordPress and made it the fantastic CMS it is today.

As I’ve said above, I’m not commenting on the specific facts of the WPScan case. I don’t know the specific facts in relation to the codebase, whether it was a derivative work in the first place, who contributed how much code to it and so forth, and so can’t purport to express a legal conclusion on it. I’ll leave that to others with more information than me. Good luck (as these questions can be tough at times for everyone involved).

Understanding the GPL licensing of WordPress

Published by Richard Best

(Note: I wrote this post before I learned of the WPScan debate. Nothing in this post was written with that debate in mind. I’ll leave that for the next post… .)

Licensing

As I’ve noted previously, WordPress is licensed under the GNU General Public License (GPL), version 2. The text of version 2 of the GPL has accompanied every release of WordPress since its inception, in the license.txt file included in each download. Originally, and until version 3.2 of WordPress, the license.txt file was a verbatim reproduction of the GPL, with no reference to b2 or the WordPress contributors. Matt and his co-developers had, instead, included full attribution to b2 and Michel Valdrighi in the readme.html file included with each download. For example, in the open source spirit that pervades the WordPress community and which Matt has championed from the outset, the readme.html file in version .71 of WordPress said this:

“WordPress is built from b2, which comes from Michel V. We wouldn’t be here without him, so why don’t you grab him something from his wishlist?”

Nice.

As WordPress matured, each download continued to include a license.txt file and a readme.html file but, with the release of version 3.2 of WordPress, Matt and his co-developers added to the wording of the license.txt file. From that point forward, the license.txt file has commenced with this wording (the only change in subsequent versions being the year of copyright):

“WordPress – Web publishing software

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
…

This program incorporates work covered by the following copyright and
permission notices:

Wherever third party code has been used, credit has been given in the code’s
comments.

b2 is released under the GPL

and

WordPress – Web publishing software

WordPress is released under the GPL”

Understanding the GPL

Freedoms

The GPL is an open-source software licence that is designed to protect four fundamental freedoms that are considered to underpin “free software”, namely, the freedom to:

run the software for any purpose;
study how the software works through access to source code and to freely adapt it;
redistribute copies of the software to anyone; and
improve the software, and redistribute those improvements to anyone.

Versions

First written by Richard Stallman and the Free Software Foundation (FSF) in 1989, the GPL has continued to evolve through successive versions. Version 2 was released in 1991 and version 3 was released in 2007. Version 3 is the latest version.

As noted above, WordPress is released under version 2 of the GPL, although the introductory section in the licence now states that “you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version”. Clauses or paragraphs in the GPL are called “sections”.

Summarising the GPL

From the perspective of opening up software for use by others, the GPL was and remains a well-crafted open source licence. At the same time, it uses legally-oriented language with which many WordPress users may be unfamiliar. In addition, and unlike the Creative Commons licences for other forms of copyright works, the GPL doesn’t have a simplified “human readable deed” (as Creative Commons calls the summary of its licences). For these reasons, the true meaning and impact of the GPL might not be immediately apparent to some WordPress developers, designers and users.

To boil things down, the following box summarises key aspects of version 2 of the GPL. It doesn’t summarise all clauses. Rather, it summarises those that are most relevant to WordPress users on a day-to-day basis.

A summary of the GPL

Copying and distribution: You may copy and distribute the program as long as you comply with some copyright notice and disclaimer requirements. Those requirements are that you publish on each copy an appropriate copyright notice and disclaimer of warranty, keep intact all notices that refer to the GPL and the absence of any warranty, and give recipients a copy of the GPL along with the program. (Section 1)

Fees: You may, if you wish, charge a fee for transferring a copy of the Program and/or for warranty protection. (Section 1 as well)

Modifications / derivative works: You may modify the Program or any part of it and distribute the modifications or new work as long as modified files contain notices regarding the existence and date of changes and any work that you distribute or publish that contains or is derived from the Program or any part of it is licensed as a whole at no charge to all third parties under the GPL. (Section 2)

Distributing non-source forms: You may copy and distribute the program or a work based on it in object code or executable form, on the terms of sections 1 and 2, as long as you accompany it with either:

the complete corresponding machine-readable source code; or
a written offer (valid for at least 3 years) to give any third party the source code, for a charge that is no more than the cost of distribution; or
information you received as to such offer (this option is allowed only for noncommercial distribution and if you received the non-source form(s) with such an offer (Section 3).

Termination: If you copy, modify, sublicense or distribute the Program other than as permitted, your rights under the GPL will terminate automatically. (Section 4)

Downstream licensing: Downstream recipients of the Program or any work based on it automatically receive a licence from the original licensor to copy, distribute and modify the Program on the terms of the GPL. As a distributing licensee, you are not allowed to impose any further restrictions on the recipients’ exercise of the rights under the GPL. (Section 6)

The GPL in a small nutshell

A super-condensed summary would be along these lines: you can copy and distribute the program, you can charge a fee for transferring the program or providing warranty protection, and you can modify the program and distribute your resulting derivative work. But, if you distribute your derivative work, you need to license it under the GPL, otherwise your licence to use the program will terminate (and you’ll be infringing copyright in the program).

Qualifications

Whilst many parts of the GPL are abundantly clear, certain aspects are, unfortunately, more complicated than the above summary might suggest. In particular, one needs to be aware of some important qualifications as to how the requirements relating to modifications / derivative works are intended to apply. The full text of section 2 should be consulted for the detail but key points are these:

the intent is to control the distribution of derivative or collective works based on the Program, not to “contest your rights to work written entirely by you”;
if identifiable sections of the modified work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then the GPL does not apply to them when distributed as separate works;
however, when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of the GPL; and
“mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of [the GPL]”.

As we will see in a later post, the intended meaning and scope of the modifications / derivative works provisions have been the subject of considerable debate for many, many years, including within the WordPress community. (Yep, in a later post, I’m going to wade into the topic of the GPL and commercial themes. I need to take a few deep breaths before doing so.)

GPL-related WordPress questions

It’s fairly easy to summarise most key aspects of the GPL but the rubber hits the road when people come to apply it in practice. For this reason, I’ve set out below a range of GPL/WordPress questions that do or may arise in practice and have sought to answer them. Note that I’ve deliberately not addressed the question of the extent to which commercial themes may need to be licensed under the GPL (as mentioned above, that’ll be the subject of a later post). When I use a term like “GPL’d theme”, I’m saying that the theme has been licensed under the GPL.

If I modify the core WordPress software or a GPL’d theme or plugin, must I release the source code of the modified versions(s) to the public?

If you are using the modified version privately without distribution, then you do not have to release the source code of the modified version to the public. However, as the Free Software Foundation puts it, “if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.”

If I know that someone has developed a WordPress theme or plugin for private use, can I require that person to give me a copy of the theme or plugin?

No, the GPL does not require this.

I take a GPL’d theme or plugin from the WordPress theme or plugin repository, or I purchase a GPL’d theme or plugin from a commercial provider, and then I modify the theme or plugin for my own purposes. Am I obliged to release my modified version to others?

No, you are not obliged to release your modified version to others.

Can I sell the core WordPress software for a fee if I want to?

Yes. Doing so is consistent with the freedoms in the GPL. However, trying to do so would be pointless and unlikely to earn you any money, as everyone knows or could easily find out that WordPress is freely available at wordpress.org.

I’m a theme/plugin developer. I’ve put huge effort into writing my theme/plugin and I’m going to release it under the GPL but I want to make sure that everyone who receives my theme or plugin, even if from someone else, is obliged to pay me a licensing fee or notify me that they have it. Can I do that?

No. As the Free Software Foundation puts it, the “GPL is a free software license, and therefore it permits people to use and even redistribute the software without being required to pay anyone a fee for doing so.” Similarly, if someone receives a copy of GPL’d software, that person does not have to inform the developer that s/he has it. You are entitled to charge a fee for access to support and later versions, but this is quite different to requiring recipients to pay a licensing fee for merely using the software.

I’m a commercial theme or plugin developer. I sell my GPL’d theme or plugin online, behind a pay wall. People can only access the theme or plugin files after paying my prescribed fee. Does the GPL allow me to do this?

Yes. You are entitled to charge a fee for distributing copies of GPL’d software. Note, however, that anyone who obtains a copy is entitled to release it to anyone else, with or without charge; the GPL allows this to occur.

I’m the same commercial theme or plugin developer mentioned above, selling my GPL’d theme or plugin online behind a pay wall. As a commercial operator distributing a GPL’d program, am I obliged (e.g., if someone asks) to make my theme or plugin available to a member of the public for free?

No. However, as noted above, anyone who obtains a copy is entitled to release it to anyone else, with or without charge.

I’ve purchased some GPL’d themes or plugins from a commercial theme or plugin provider. May I sell those themes or plugins from my own website for my own benefit or publish those themes or plugins on my own website and give them away for free?

Yes, under the GPL, you may do either of these things (or both on separate sites if you were so inclined). Bear in mind, however, that some in the WordPress community are likely to frown on such activity and that you are unlikely to be able to provide (or may not wish to provide) the support that the developers/owners can provide.

I’m happy for other people to use my themes and plugins for free. Indeed, that’s why I released them under the GPL and put them in the WordPress theme or plugin repository. I would, however, like to be acknowledged as the author of the theme or plugin in cases where users share the theme plugin with others or modify the theme or plugin. Can I require that?

Yes. As the Free Software Foundation puts it, you “can certainly get credit for the work. Part of releasing a program under the GPL is writing a copyright notice in your own name (assuming you are the copyright holder). The GPL requires all copies to carry an appropriate copyright notice.”

What practical steps can I take if I believe a theme or plugin developer is violating the GPL?

Various things. You could try to raise the matter with:

the developer/owner in question (with a view to explaining what you consider to be a GPL violation);
the core developers of WordPress (to see whether they, as the principal copyright holders, are interested in getting involved); and/or
the wider WordPress community (with a view to evoking community support).

I suggest that raising it with the developer/owner in the first instance is preferable to going straight to the WordPress core developers or the wider community, as sometimes an individual developer/owner may not appreciate what the GPL requires in a particular situation or may have an explanation that meets your concerns. All this said, if your concern relates to not licensing a theme or plugin under the GPL, I suggest it’s important to note that the extent to which themes and plugins must be licensed under the GPL is a thorny and controversial issue (that I’ll be addressing, in relation to themes, in a later post). There is unlikely to be a single definitive answer to this question which applies to every single theme and plugin.

Automattic, open licensing and open data

Published by Richard Best

The open spirit of WordPress

Everyone knows that the founders of and contributors to the WordPress software at WordPress.org wholeheartedly embrace the spirit of open source software. The GPL (the open source licence under which WordPress is licensed) sits at the centre of what they do and Matt Mullenweg, for example, speaks passionately about the GPL and champions the cause it represents (and those that defy the GPL’s requirements (or spirit) when the community thinks it applies (or should be applied) may, well, be frowned upon). Here’s an example of Matt speaking about the GPL:

From software to other creative content

Whilst copyleft has its origins in the software world, the open source software movement is now a subset of the larger world of open licensing and open data. Various licences and tools exist to enable people to share not only their software but also their creative content and other data on standardised terms that are quick and easy to put in place.

Automattic’s generosity

Not surprisingly given its founders, Automattic has always contributed back to the WordPress core and has always supported open licensing of software, consistently with its mission of democratising publishing. What may be less well-known is that Automattic also embraces open licensing of literary content. Considerable value can be locked up in such content and Automattic, consistently with its approach to a good deal of software, has unlocked quite a bit of it through applying Creative Commons licences to it. I thought it might be helpful to draw attention to this because, as Automattic puts it in its Privacy Policy, the company “spent a lot of money and time on [in this case, its privacy policy], and other people shouldn’t need to do the same”. Automattic repeats this sentiment in other content it has openly licensed for re-use.

Those not familiar with Creative Commons licensing might like to take a look at this helpful video commissioned by Creative Commons Aotearoa New Zealand. It does a great job explaining what the Creative Creatives licences are about and how they work (and it too is Creative Commons licensed so you can copy and mash it up to your heart’s content):

So what content has Automattic openly licensed and on what terms? I’m sure I’ll be missing something but here’s a starter for 10:

the WordPress.com Terms of Service are licensed under a Creative Commons Attribution ShareAlike 3.0 Unported licence (CC BY-SA 3.0);
Automattic’s Privacy Policy is licensed under a Creative Commons Attribution ShareAlike 2.5 Generic licence (CC BY-SA 2.5);
content on Automattic’s Transparency site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International licence (CC BY-SA 4.0);
the Akismet Terms of Use are licensed under a Creative Commons Attribution ShareAlike licence (although whoever prepared the page forgot to specify or add a link to which version of the licence applies); and
Automattic is placing various legal documents into a GitHub repository which are licensed under a Creative Commons Attribution ShareAlike 3.0 Unported licence (at the date of this post, the documents comprised the Automattic Privacy Policy, the WordPress.com Terms of Service and the Legal Guidelines available at https://transparency.automattic.com/legal-guidelines/ for those seeking information about a WordPress.com user or looking to take action against a resource hosted on the WordPress.com network).

(It’s also interesting that, to “the extent possible under law, Automattic, Inc. has waived all copyright and related or neighboring rights to the declarative code that is necessary for function calls to the Automattic APIs as well as the structure, sequence and organization of the Automattic APIs” under the Creative Commons public domain dedication tool known as CC0 (pronounced CC zero). See the WordPress.com developers guidelines for the detail. This is different to the licensing of the kinds of copyright content listed above but it’s notable nevertheless.)

What this all means

Whilst different versions of the Creative Commons Attribution ShareAlike licences have been applied to the different items of content referred to above, the key elements of this particular licence common to all versions are that it lets others copy, adapt and share the work, including for commercial purposes, as long as they credit Automattic and license their new creations under the same terms. Note that the obligation to license new creations on the same terms only applies where the person making the new creation shares that creation with others. If a licensee makes a new creation purely for personal purposes, the obligation to share alike on the same terms does not apply. In this regard the licence is like the GPL is for software.

(Incidentally, Automattic might like to make all of the licences consistent by updating the older versions to the Creative Commons Attribution-ShareAlike 4.0 International licence it uses on its Transparency site 🙂 This isn’t a big deal but the latest Creative Commons 4.0 licences are better and more user-friendly than their predecessors. Just saying. Happy to help if need be.)

Anyway, this is all great stuff on Automattic’s part. The WordPress.com terms, for example, could be a handy starting point for those setting up their own WordPress platforms running on WordPress multisite. The same can be said for Automattic’s Privacy Policy where an organisation’s handling of personal information is similar to that of Automattic. Hell, a developer has even tried to make life easier for people by releasing an Auto Terms of Service and Privacy Policy plugin that, to quote the plugin’s page in the repository:

“Puts your own information into a version of Automattic’s Terms of Service and Privacy Policy … that have been modified to exclude specifics to Automattic (like mentions of “JetPack”, “WordPress.com”, and “VIP”) and have more generic language that can apply to most any site or service provider, including single sites, subscription sites, blog networks, and others.”

Beware of cookie-cutting

Being a lawyer, I should say it’s important to appreciate that you cannot necessarily cookie cut, say, the WordPress.com Terms of Service or Automattic’s Privacy Policy and assume they’ll be fit for your own purposes. In all likelihood that will not be the case as your own operations and requirements need to be considered, your own handling and treatment of personal information must be assessed and your overall circumstances are unlikely to mirror those of Automattic. In addition, if you’re not based in the United States, the privacy laws that apply may be significantly different to those that apply to Automattic.

That said, great stuff

All that said, the fact remains that Automattic’s release of these legal documents (or “legal mumbo jumbo” as Automattic calls the Akismet Terms of Use) under a Creative Commons licence is great stuff and may, at the very least, help some people and organisations avoid or at least reduce their legal bills. That seems to have been the case for one fellow who blogged this:

“Liberally riffing off WordPress.com’s terms of service to produce similar for the J-School. Thank you Automattic for your support of Creative Commons.”

Cool.

Thanks to Thomas Hawk for sharing his photo of Automattic HQ under a Creative Commons Attribution-NonCommercial 2.0 (Generic) licence.

Latest Posts

The question

Comments

The negative SEO campaign against WP Site Care

Purpose

Different kinds of negative SEO

Remedies

Summing up

The question

Comments

Here’s the thing

What we read on the web

What the GPL says

Difference between downstream licensing of the original Program and subsequent licensing of a derivative work by its creator

Implications

Bottom line

Meet ‘theme’

Evolution of commercial themes and their licensing

Early adopters of full GPL model

Controversy and “GPL non-compliant” models

The million dollar question

Who is right?

Don’t assume equivalence

To what extent does it really matter?

One last thing…

Let’s set the scene

The risk those people run

Introduction

What is a trademark?

Automattic Inc’s WordPress trademarks

Enforcement of rights

Transfer of WordPress trademarks to the WordPress Foundation

Cool, so I can use the WordPress trademark right?

The debate

I’m not expressing a legal conclusion

The propositions

Let’s close

Licensing

Understanding the GPL

A summary of the GPL

The GPL in a small nutshell

GPL-related WordPress questions

The open spirit of WordPress

From software to other creative content

Automattic’s generosity

What this all means

Beware of cookie-cutting

That said, great stuff

Pin It on Pinterest