BRCK in Violation of the GPL

Update (2015-05-19): BRCK has responded and put up an open-source compliance page on their website.

During a recent meeting of the Nairobi GNU/Linux Users Group we discussed BRCK, the Kenya-based makers of a slick, “rugged”, battery-powered-GSM-router thing of the same name, and their apparent violation of the GNU General Public License (GPL). The lively discussion ended up making its way to the web in the form of a blog post on the group’s blog.

Their product is based on OpenWRT—the GNU/Linux distribution geared towards embedded systems—which is licensed under the GPL v2. I believe this is problematic for BRCK for a number of reasons that I will enumerate below. When we reached out to BRCK they claimed that they were not in violation because they use “stock unmodified OpenWRT” source code. This claim is repeated verbatim in a thread on their forum.

I had intended this post to be a discussion of the spirit of the GPL ending with me expressing disappointment in BRCK for cowering behind perceived technicalities of the license. After sitting down to read the license, however, it became immediately apparent to me that they are indeed in violation. *sigh*

The GNU General Public License

I’ll save the discussion about the spirit of the GPL for later, but here’s the gist:

[…] if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

That’s from the preamble of the GPL Version 2. The license goes on to outline the terms and conditions for copying, distribution and modification.

After several readings of the text it is my opinion that BRCK is in violation of Sections 1, 2, and 3 of the GPL v2 and that their rights to distribute OpenWRT-derived works should be terminated under Section 4.

My analysis follows.

Section 1

Section 1 deals with the distribution of source code. Specifically:

You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

This is very important because compliance with Section 1 is required by subsequent Sections of the license. Use of the language “may copy” merely grants BRCK the permission to distribute program source code which is explicitly required by Sections 2 and 3. In addition, Section 1 states that the copyright notice and license from the original work must be preserved.

While BRCK does not provide source code for their work, they do offer public downloads of their firmware binaries. Unfortunately there is neither a LICENSE.txt file nor any mention of the the GPL in the archive provided:

$ ls -l
-rw-r----- 1 aorth staff 5547580 May 17 14:01
$ shasum
$ unzip
$ grep -r -E 'gpl|GPL' brckv1_20141114/* | wc -l
0 was retrieved on May 17, 2015 and had the file size and SHA1 fingerprint shown above.

Section 2

Section 2 deals with modifications to the program. Specifically:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

At first this Section doesn’t seem to apply, as BRCK claims to be using “stock unmodified OpenWRT”, but I find their claim dubious for two reasons:

  1. The OpenWRT project doesn’t provide source code producing firmware for any device called “BRCK”, so it is unclear from which source code the firmware builds are created.
  2. BRCK themselves allude to “optimizing” for a 4MB image size, which implies modification.

Nevertheless, if BRCK does indeed use “stock unmodified OpenWRT” source code then the Linux kernel’s GPL v2 compliance guide suggests:

The minimum sufficient answer includes the version number, whether or not it was modified, and where we can get it from. I.E. something like:

“We used Linux, from, and we didn’t modify it.”

If you didn’t modify a package, say so. Even when you used unmodified source code, the GPL requires you to _identify_ the source code you used, clearly and explicitly, at least in response to direct questions about it.

One popular interpretation of the GPL v2 states that Section 2 “[…] seeks to ensure that those receiving modified versions know the history of changes to the software.

As BRCK neither publishes the corresponding source code for their modified binaries, nor explicitly states the exact “unmodified” versions used, they are in clear violation of Section 2.

Section 3

Section 3 deals with the distribution of derived works in object code or executable form. Specifically:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above

It goes on to state:

For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

Not only does BRCK need to provide the complete source code for their OpenWRT-derived work itself, they need to provide the bits used to produce their firmware builds from that source code.

Sections 4 and 5

Section 5 stipulates implicit acceptance of the license terms upon distribution of the work, and Section 4 is crystal clear on the termination of the rights in case of non-compliance:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. […]

By my reading this means BRCK’s rights to distribute OpenWRT-derived works are void.


Interpretation of the license is a bit confusing at first, but very accessible if you actually read it. Put simply: copyleft obligations of the GPL v2 are triggered upon distribution of binary works derived from a GPL-licensed program.

As BRCK is distributing an OpenWRT-derived work in object code form, Section 3 requires that they provide complete corresponding machine-readable source code used to produce the object code they are distributing. Section 1 grants them the permission to provide this code and stipulates that it must preserve the copyright notice and license of the original work.

The implications of Section 2 are less clear, depending on whether or not BRCK is actually using “stock unmodified OpenWRT” source code. I suppose that’s up to them to decide, but I would urge them to keep in mind the spirit of the GPL v2 when making that decision.

BRCK Should Know Better

BRCK is not the “enemy”, but they—of all people—should know better. We expect this behavior from large corporations, but not from quasi-community-based organizations operating in the technical sector.

In the end none of this matters unless someone is willing to take BRCK to court over non-compliance. Even if someone was willing to do so, I think it would be sad if it had to come to that. Instead, I hope this serves as a lesson in GPL v2 compliance for Kenyan organizations in the future, and indeed a public record of my findings.

6 thoughts on “BRCK in Violation of the GPL

  1. Good work pointing out “Even when you used unmodified source code, the GPL requires you to _identify_ the source code you used, clearly and explicitly, at least in response to direct questions about it.” This really shouldn’t be difficult for BRCK to do. It’s just a matter of updating the website with a notice enumerating the packages/versions they use. If they’ve modified the code itself, then of course it must be made public. If they’ve changed sensitive configuration variables (like a password), they can simply comment that out and put an example password in for the open source version. There’s nothing wrong with that.

    If they’ve created their own independent “system library” then that can have its own license (

    1. Also, BRCK incorrectly—or naively—states that they only need to release code if they “link statically or dynamically to OpenWRT”. OpenWRT isn’t something they can link against; it’s a GNU/Linux distribution which contains at least the following GPL-licensed programs: the Linux kernel, busybox, and OpenWRT’s own “glue” to stitch the system together.

      Also, arguing over the technicalities and interpretation of the license misses the point. I expect that from Safaricom, but not from BRCK. BRCK should know better.

  2. Quite a long read, and a solid warning to Kenyan institutions going down the same path as BRCK.

    It’s hard to dodge a GPL violation in this space, with bold claims as “BRCK runs stock unmodified OpenWRT as targeted to the AR71xx processor and optimized for a 4MB image footprint. The firmware itself is 99% OpenWRT with 1% occupied by scripts that we use to communicate with the operating system and communicate securely with the BRCK Cloud. Also included in this 1% is our custom dashboard interface. The GPL license requires a release in code only if we link statically or dynamically to OpenWRT which is not the case.”

    Let’s see if they eventually comply, noting that it’s been *months* since this issue was brought up.

    1. Ironically, BRCK’s firmware download includes boat loads of source for a bunch of irrelevant stuff like jQuery, Bootstrap, etc, none of which are licensed under the GPL.

  3. Hi Alan, Thank you for bringing this oversight to our attention. The matter has now been addressed to comply with GPLv2. The technicalities around adding the .txt file and adding the location of the source we used are valid and we’ve replaced this now with the source we use to create our base OS. Thanks for reviewing everything and bringing that up.

    As we state on our site, we use an unmodified version of OpenWRT Attitude Adjustment. We use the TP-MR3020 configuration as our hardware has a similar AR9331 profile. As mentioned above we’ve removed the binaries and replaced this with a copy of the source files, you can download these at This is the base OS that we install at the factory and then the BRCK scripts and BRCK application specific code is installed from a separate repository before shipment.

    We will be at the next LUG meeting in Nairobi to discuss this some more with the community. We always try to remain engaged with the community from providing a teardown page documenting how to hack the device; to having our own team help people with flashing BRCKs with their own code. We look forward to talking in-person at the next meeting.

Comments are closed.