GPL-incompatibility of Spotify's libspotify API ToU (was Re: Getting a Spotify Premium account for Amarok)
Bart Cerneels
bart.cerneels at kde.org
Mon Nov 12 21:07:02 UTC 2012
On Mon, Nov 12, 2012 at 9:02 PM, Bradley M. Kuhn
<bkuhn at sfconservancy.org> wrote:
> Amarok Committee,
>
> Bart, Tony, and I discussed the issue with spotify on IRC today. I
> hadn't realized (until today when Bart told me) that a GSoC student had
> added support for spotify to Amarok. Conservancy only became aware of
> the issue on 26 October when Bart asked for a spotify account to get set
> up for Conservancy.
>
> As it stands, Conservancy is very worried about Amarok offering spotify
> support. Spotify's terms of use for the libspotify API, at
> https://developer.spotify.com/technologies/libspotify/terms-of-use-us/ ,
> require the following:
>
> By using any part of the API (as defined below), you (including any
> organization on whose behalf you are agreeing to these Terms of
> Use) (collectively sometimes referred to as "you" and "your") are
> deemed to have accepted these Terms of Use...
>
> "Application" means an authorized end user downloadable application
> utilizing the API developed by you solely for use by Users to
> access the Service.
> "User" means a registered subscriber to the Service ...
> ...
> 3.10 When distributing the Application, you shall require end users
> to agree to an enforceable end user license agreement containing at
> least the following specific minimum terms:
>
> 1. a provision stating that you, and not Spotify, are responsible for
> your Application;
> 2. a provision indicating that the API is provided "as-is," without any
> warranties, and that expressly disclaims all implied warranties,
> including the implied warranties of merchantability, fitness for a
> particular purpose and non-infringement;
> 3. a prohibition against modifying or creating derivative works based
> on any part of the API;
> 4. a prohibition against decompiling, reverse-engineering,
> disassembling, and otherwise reducing the API to source code or
> other human-perceivable form, to the full extent allowed by law...
>
> The "Application" is Amarok (as defined in the agreement, "end user
> downloadable application utilizing the API developed by you"). You, in
> the agreement, is the Amarok Developers. "End users" and "the Users"
> are the folks that you distribute Amarok to. 3.10.3 and 3.10.4 above
> contradict the requirements of the GPL, so the Amarok Project can't
> simultaneously meet its requirements under GPL and the ToU.
>
> Now, Conservancy doesn't believe that distribution of source code in
> your current spotify branch violates this agreement: it's always been
> Conservancy position that the publication of source code for reading is
> Free Speech in the USA and publishing source code for people to read is
> akin to publishing a poem on your website.
>
> But, definitively distributing a final Application under GPL intending
> that the Amarok user will have a seamless experience with spotify/Amarok
> integration *would*, in Conservancy's opinion, violate the ToU, or GPL,
> or both, depending on one's perspective. It furthermore can create
> similar risk for downstream distributions that package Amarok.
>
> Whether an agreement regarding using an online API would hold up in
> court is another question, but Conservancy's risk is nonetheless great,
> because the issue of intention matters in Court. Thus, if Amarok
> intends for its end users to use the spotify API, and makes effort
> (which you have) for Amarok to support spotify via the API, it's going
> to be difficult for Conservancy to argue it was not bound by the ToU
> (even *if* Conservancy doesn't create a spotify account).
>
> We'll need to figure out the right solution here. Conservancy's General
> Counsel, Tony Sebro (cc'ed) is going to make an effort to reach out to
> lawyers at Spotify, since there some chance this issue is an unintended
> consequence of overzealous drafting on their part. I can't say for sure
> if we'll be successful in reaching out to them, but we're trying. We'll
> keep you posted.
>
> In the meantime, I have to ask Amarok not to make Spotify support
> official in your distribution. I realize that might harm your release
> schedule and I apologize for that. Conservancy just didn't have the
> lead time necessary to investigate this issue in time for the next
> release. In future, please do send us any ToU and licensing information
> for any service/library you want to support as early as possible.
According to me the spotify-resolver, shared between Amarok and
Tomahawk [1], or clementine's "blob" is the application in this case.
spotify-resolver is BSD licensed and hence not subject to the GPLv2
section 7 [2] terms and fully capable of complying with the Spotify
Terms of Use [3].
Secondly, Spotify ToU section 3.10 states that and End User License
Agreement needs to be presented to the user on *distribution*. We
download the resolver-binary only once the terms are acknowledged by
the user, complying with the Spotify ToU.
After the exec() to start the spotify binary it's used as a service,
this is no more derivative then using any other socket based system
service.
I feel the supposed conflict between the Spotify ToU and GPLv2§7 is
result of an overzealous interpretation and misunderstanding. The
successful API-key application of tomahawk and clementine players
confirm that Spotify feels this is complying with their ToU. The end
result is the Free Software Music Enthusiast not getting a fair chance
at a comparable experience. Surely the goal of free software is not to
reduce end-users freedom right?
[1] https://github.com/tomahawk-player/tomahawk-resolvers/tree/master/spotify
[2] http://www.gnu.org/licenses/gpl-2.0.html#section7
[3] https://developer.spotify.com/technologies/libspotify/terms-of-use-us/
More information about the Amarok-devel
mailing list