Skip to content, sitemap or skip to search.

Personal tools
Join now
You are here: Home Blogs Licensing Regulatory compliance is no reason to lock up users

Regulatory compliance is no reason to lock up users

by novalis Contributions Published on Jun 30, 2006 03:55 PM
Why GPLv3 doesn't make exceptions for regulatory compliance.

A common objection to free software, and particularly to the anti-DRM provisions of GPLv3, is that sometimes laws require that software work in a certain way, and be resistant to change. For example, the FDA might require that the software on a medical device be tamper-resistant or secret[1]. We have had comments about GPLv3 suggesting an exception to the general anti-DRM rules for compliance with such regulations.

At first glance, this seems reasonable. Medical devices are (theoretically) programmed to a high standard of safety, and careless modification could cause great harm. Medical device manufacturers want to Tivo-ize their devices so that only they can upgrade the software on them. They claim that this is necessary for compliance with FDA regulations.

But whatever the FDA regulations require, if free software were used in such devices, it must be the case that at least some free software developers can meet those requirements. If it weren't, then free software couldn't be used in the first place! So really, this is just an attempt to trap users.

It's fairly common for two versions of a device to differ only in software -- for example, one version might only allow five patients to be monitored, while another allows a hundred. The difference isn't a matter of physical capabilities -- it's just a number somewhere in the software. Naturally, if one could change this number (as one could if the software were free software), one could upgrade the device at nearly zero cost. So, anyone who tries to segment the market this way would like to prevent such changes. That's incompatible with software freedom.

But if there really are regulations which forbid software on certain devices from being modified once it's installed, it's still possible to use software licensed under the GPL -- simply burn the software into a ROM. Then nobody can upgrade it without replacing the ROM. Of course, device manufacturers will protest that this prevents them from upgrading it themselves. This shows that their true desires are not to comply with FDA rules, but to get special rights that nobody else has.

The free software community demands equality -- if you can upgrade, we can upgrade. If the FDA or FCC or anyone else says that we can't upgrade, then we say that you can't upgrade. And that's why GPLv3 doesn't make exceptions for regulatory compliance.

[1] It seems likely that the FDA does not in fact require this -- many medical devices today run Microsoft Windows, and hospitals are usually able to apply patches from Microsoft.

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work. is powered by:


Send your feedback on our translations and new translations of pages to