Bringing back ethics to open source

Tobie Langel (@tobie) tobie@unlockopen.com

First, a disclaimer.

…well, two actually.

  1. [IANAL]: I am not a lawyer.
  2. [WIP]: This is a work in progress.

I don’t have all the answers.

Goal: start a conversation.

So, what are we going to talk about?

  1. A bit of context
  2. A different perspective on the OSD
  3. Let’s look at prior art
  4. What’s missing from it?
  5. Role of corporations
  6. What do we get out of this
  7. Critiques
  8. Next steps
  9. Q&A

Context

So... what is this about?

  • Increasing concerns about the negative impact of tech.
  • Historical context of tech used at scale in Human Rights violations.
  • A desire to do something about it through open source licensing.
  • Previous attempts at doing so. Pushback from gatekeepers (that’s their role, so understandable).

OSI, OSD, 4 freedoms, etc.

  • Open Source Initiative (OSI): a non-profit that is responsible for deciding which license is an open source license.
  • Open Source Definition (OSD): a set of 10 criteria necessary for a license to be considered an open source license.
  • 4 freedoms: The four criteria necessary for software to be considered free software (copyleft).

Desacralizing the OSD*

*OSD = Open Source Definition

  • Created in a hurry over 20 yrs ago.
  • Lifted from the Debian Free Software Guidelines. Never updated since.

4 freedoms list of change

American constitution

EcmaScript language

Desacralizing the OSD

  • Expression of the privilege of its authors.
  • Ethical concerns would have been central had the OSD been written in less privileged circles.
  • What if open source had succeeded in spite of the OSD and not because of it? ➢ Consider license adoption & who chooses software (hint: devs, not lawyers).

(Some) Prior Art

  • Douglas Crockford’s “Good, not Evil” license.
  • The Hippocratic License by Coraline Ada Ehmke.

“Good, not Evil” License

  • MIT license & “Good, not Evil” clause:

“The Software shall be used for Good, not Evil.”

Problem: leaves the definition of Good and Evil to interpretation.

Crockford ended up putting JSON in the public domain instead.

The Hippocratic License

  • Solves the problem of defining Evil by relying on Human Rights.
  • Doesn’t conflict with criteria 5 & 6 of the OSD because it narrows its limitations down to actions (and not people, groups, or fields of endeavor).
  • Problems:
    • Leaves the definition of human rights violation to the courts.
    • No strong adoption story.

What’s missing?

  • Reliance on an internationally recognized and respected body that defines actual violations of Human Rights.
  • Community buy-in and multi-stakeholder support:
    • Maintainers
    • Actual open source projects
    • Nonprofits such as OSI, Apache Foundation, Linux Foundation, etc.
    • Corporations (OSPO, C-suite, Legal)
  • Clear path from existing licenses to ethical ones ➢ Legal aspects, tooling, education, etc.
  • A mindset shift to redefine the norm as respectful of Human Rights.

From Fringe to Norm

Corporations!?

  • Yes. If corps can’t use it, it’ll never have traction.
  • Corporations are often in a Prisoner’s Dilemma situation:
    • Would gladly stop infuriating their employees by dropping these small problematic contracts.
    • Problematic contracts often tied to orders of magnitude larger contracts they can’t afford to lose.
    • Provide an excuse to reject problematic contracts without risking the other ones.

What do we get out of this?

A moral compass for our industry

More concretely

  1. Puts Human Rights at the heart of open source & software development.
  2. Human Rights-trained IP lawyers in corporations.
  3. Gives corporations an excuse to reject certain contracts.
  4. Potentially reduces the pool of available software for Human Rights violations.

Critiques

  • Other/better way to address this.
  • Risk of ethical license proliferation.
  • Compliance nightmare.
  • Not enforceable, so not worth it.
  • In violation of OSD and/or 4 freedoms.

Next steps

  • This is a huge multi-year effort
    • Must be community-backed
    • Assess interest
    • Outreach
  • Figure out where to lead it from
    • OSI?
    • New structure? Support? Volunteers? Funding?

Thank you.

Q&A