2013-06-12

Is it time to reconsider Freedom 0, and clauses 5 and 6 of The Open Source Definition?

It's been a hard week for techies, as a variety of revelations make the projects we've all worked on look less appealing. Things that might have been triumphs at some point are suddenly darkened:

On a side note, geeks might be interested to know that Boundless Informant--yet another great NSA name, no?--is hosted on free and open-source software. Congrats, open source movement!

The relationship between the NSA and open source software isn't new - SELinux was a classic cooperation, eventually integrated into the Linux kernel. More recently, Steven J. Vaughan-Nichols wrote that "Open-source software and the National Security Agency go together like peanut-butter and jelly. No, they really do!"

It's not just the NSA that's discovered the value of open source for spycraft and data mining, but a wide variety of other organizations, national, commercial, and military. It's not just that they can borrow open source code - of course it's easy - but that the open source movement has gone out of its way to ensure that these organizations can use open source code with a clear licensing conscience.

The Open Source Definition bars any license which attempts to block these groups (or other groups) from using the code:

5. No Discrimination Against Persons or Groups

The license must not discriminate against any person or group of persons.

That means that you can't bar the NSA, the Chinese government, Microsoft, President Obama, Scientologists, or the Dalai Lama (among many others) from using your code.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

That also means that you can't bar, for example, militaries, religious organizations, governments, or intelligence organizations from using your code.

The Free Software Foundation reaches the same place slightly differently by building "for any purpose" into their Freedom 0:

Freedom 0 is the freedom to run the program, as you wish, however you wish, for any purpose.

When you use open source licenses, you are accepting that folks you're really not fond of can use your code for potentially ugly purposes. This simplifies license checks, and keeps, say, companies that acquire other companies from finding they've been barred from using the acquired company's toolset.

The response I've had in the past when I've suggested this might be a problem for people less excited about supporting dubious projects along with the good ones was pretty simple: "so don't participate in open source software."

I doubt that the calculations of the Open Source Initiative on this are likely to change, though I suspect that GitHub's lack of interest in requiring particular licenses may mean that there is an emerging opening for a different model.

Personally, I've taken a different route. I've been lucky, able to choose to work in fields that mostly aren't interesting to the kinds of people I don't want to encourage, and on projects that are way behind work they already have.

I've had a few moments of naivete - looking back, I really doubt the wisdom of writing a book on Cookies. Maybe there's something more dangerous lurking in XML than I've noticed. Lately, my interest in Erlang and Elixir makes me wonder if I'm getting too close to Building Skynet, but my only open source library in the field is simple and quiet.

Just working in Erlang, though, made me feel edgy enough to add this to the preface of Introducing Erlang and Introducing Elixir:

Please Use It For Good

I'll let you determine what "good" means, but think about it. Please try to use Erlang's power for projects that make the world a better place, or at least not a worse place.

Is that enough? It probably isn't. It's a bit too much like Google's "Don't be evil".

(And yes, I recognize that there are deep defense links in the background of the work I do, including Vannevar Bush's early work on hypertext in the OSRD, DARPA's role in building the Internet, and the US government's broad and early support of SGML.)

I hope I achieve a balance - contributing enough work with broad application, but not especially enabling work I'd rather not see happen. It's not a complete answer, and explaining it is unlikely to make anyone happy. Hopefully, though, you can look at your own work and decide what your priorities are, even if they're different than mine.

(Disclaimer: This is definitely only my opinion, not that of my employer!)

Update: Also worth noting, this almost-satire assault on the JSON license, and Douglas Crockford's friendly willingness to grant license exemptions for evildoers.
