Linksys is a very successful purveyor of WiFi More about WiFi routers, in particular the WRT54G 802.11g wireless home gateway. In March, 2003, Cisco Systems (Nasdaq: CSCO) More about Cisco Systems bought Linksys for US$500 million. After the acquisition, in June 2003, complaints appeared on discussion boards such as LKML and Slashdot claiming that Linksys was violating the GPL by not providing source code for certain code used in its WRT54G wireless access point. (See for instance this posting.) The Linksys product included both the Linux kernel and other GPL code.

This is the nightmare scenario for an acquiror worried about open source. In the trade this is known as "buying a lawsuit."

The FSF stepped in, stating publicly that it was spearheading enforcement for multiple copyright holders who had licensed materials under the GPL: "[W]e are leading a coalition of many copyright holders in the WRT54G, as Linux is only one part of a large body of GPL'ed software in the product. We formed this coalition because, having done enforcement cases for a product with a broad range of copyright holders before, we have found that separate enforcement actions and/or law suits from individual copyright holders make attainment of compliance more difficult."

Undoubtedly informal enforcement actions are easier with fewer parties involved. However, this statement as it relates to "law suits" is a bit disingenuous, for two reasons: first, FSF has never actually led a formal defense group to enforce the GPL in court, and second, if it did so, it would likely do so based not on convenience, but necessity, as separate suits might be impossible due to legal due process requirements.
What Can Be Learned

Linksys eventually released the source code at issue. Various Web reports place the release at three to four months after the first demand by the FSF. It is amusing to read the morally outraged postings on this subject that describe this result as glacially slow. It seemed fast to me. The only way to do it faster would have been a scorched earth TRO action or some jackbooted GPL police.

The first take-away from this case is the difficulty of doing enough diligence on software development in an age of vertical dis-integration. Cisco knew nothing about the problem, despite presumably having done intellectual property diligence on Linksys before it bought the company. But to confound matters, Linksys probably knew nothing of the problem either, because Linksys has been buying the culprit chipsets from Broadcom (Nasdaq: BRCM) More about Broadcom, and Broadcom also presumably did not know, because it in turn outsourced the development of the firmware for the chipset to an overseas developer.

To discover the problem, Cisco would have had to do diligence through three levels of product integration, which anyone in the mergers and acquisitions trade can tell you is just about impossible. This was not sloppiness or carelessness -- it was opaqueness.