DEV Community

loading...

Towards an ethical open source license

jimsy profile image James Harton ・Updated on ・3 min read

Recently there has been a lot of discussion about 996.ICU and this has highlighted an uneasy feeling I've had about Open Source for a very long time.

The Open Source Initiative publishes the Open Source Definition which defines, amongst others, the following criteria for a license to be considered Open Source:

  1. No Discrimination Against Persons or Groups The license must not discriminate against any person or group of persons.
  2. No Discrimination Against Fields of Endeavor The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

These criteria were originally derived from the Debian Free Software Guidelines.

I write Open Source Software (OSS) for fun, not profit. I've written a lot of code that is useless even to me and given it away to see if anything interesting happens to it. I'm not a member of the Apache Foundation or the Mozilla Foundation, although I think those organisations do great work.

People write OSS for a lot of reasons; for the lols, to learn new things, to be part of a community, because they need it for their job or just because they can. There are as many motivations for writing and giving away software as there are people doing it.

Writing OSS has always been a political act. When Richard Stallman founded the Free Software Foundation he was making a political statement. That political statement represents his desire for universal freedom to study, distribute, create, and modify computer software. The OSI was founded by Bruce Perens and another guy whose name I won't mention because he's so toxic. I don't find it surprising that our "global movement" of giving away software for free has been framed by cisgender, heterosexual white dudes from the east coast of the United States. It has been said that the ability to write and contribute to OSS requires a certain level of privilege - enough spare time and resources to participate without negatively impacting your work or family life, for example - as such it's hardly surprising that the roots of our movement stem from a place of wealth and have a weirdly American flavoured libertarian bent.

So here's where I'm at: I want to write software and give it away for free. I want my friends or complete strangers on the internet to use my software for wonderful and surprising things. I even want people to build businesses using it if they can think of a way to do that. However, there are things I want to limit: I want to stop companies which mistreat their labour force, damage the environment or public health, discriminate against people, or make weapons from using my software. These are my core beliefs. Why shouldn't I be allowed to use a license that reflects them, when the licenses endorsed by the so-called Open Source Definition or Free Software Foundation so obviously reflect the beliefs of those that founded those organisations?

The idea of adding limits to open source licenses, other than those which enable derivative works to stay open source has been seen as taboo in our community. Why is this and what can we do about it?

Update 5th June 2019:

I've only just found out about the Do No Harm software license. I like it.

Discussion (2)

pic
Editor guide
Collapse
madhadron profile image
Fred Ross

other than those which enable derivative works to stay open source

This one is only there because Linux and GNU's software was already under the GPL when OSI got off the ground. To understand this, you need to understand what open source was about in the 1990's when the OSI started and why they had to include GPL software under their umbrella.

So, it's the 1990's. Most people collaborate by passing floppy disks around. Places with serious IT chops have LANs and servers. The Internet explodes onto the scene, and suddenly everyone sees no reason that they shouldn't be networked. Windows for Workgroups and Windows 95's built-in LAN networking worked okay for small offices. I remember being dropped off as a 15 year old intern with a pile of cable and a network hub to turn a small business into a networked small business. The setup took about an hour. The training took longer, but a large part of that was people excitedly asking you to confirm that, yes, they could just open this file on Bob's computer without having to copy it on a disk first.

As soon as you outgrew that, you were looking at putting a server in. These places weren't going to drop the money for a Windows NT license and the many thousands of dollars for a Solaris, HP-UX, Digital Unix, or AIX server was out of the question. So you grab a spare PC and install a free Unix clone.

That would have been BSD, but a frivolous lawsuit tied up that whole world in the early 1990's. You couldn't in good conscience leave a machine running an OS that might be declared illegal or suddenly require the business to pay licensing fees that they never agreed to. So people glommed onto Linux (which was a piece of crap at the time compared to BSD), threw the GNU toolchain on it, and got a usable free Unix clone. By the mid 1990's you could order CD sets from RedHat, SuSE, Slackware, Debian, TurboLinux, and others that don't exist anymore.

That low end market hasn't got much money in it. The money is upmarket. Fledgling companies like RedHat and SuSE wanted to move upmarket. IT consultants who were working with Linux wanted to move upmarket, too. But enterprise IT is a different game. They have purchasing processes and vendor relationships and support contracts. When someone shows up saying, "Sure, here's some CDs for free and all the source code," they assumed that they were being scammed. It didn't seem serious. And then they went online and started reading about free software, and found Richard Stallman, "information wants to be free," and people using the word hacker, and told the Linux community to get lost before the FBI was called.

Enter the open source movement. Richard Stallman and the FSF controlled "free software." You couldn't rebrand that term. There was too much baggage out there around it. So a new term was needed: "open source." And Linux was the poster child. Eric Raymond traveled the country and wrote essays. Microsoft published total cost of ownership analyses (which for a corporate IT department were likely correct at the time). And big corporations got the idea: these guys are writing this software that is good enough and I can take it for free, and they even fix my bugs faster than the vendor that pays me because it makes them feel important.

At this point a lot of companies started trying to cash in by saying that they had open source software, so OSI trademarks the term "open source" and sets up guidelines for a license. But remember, this is all about market disruption. The clauses in the GPL that force people to give away changes they make were embarrassing for them. But if they excluded the GPL, they would have excluded Linux and GNU's software, they would have excluded GhostScript, they would have excluded a bunch of other stuff, and no one would take them seriously. Remember, BSD was poisoned by the lawsuit.

The whole point of "open source" is to be friendly for businesses, to reduce their cost of doing business, and to allow a set of disruptive businesses to move upmarket. It intentionally divorced itself from ethical notions.

So why don't we see more restrictive licenses that impose ethical clauses? Part of it is inertia and community expectations. Given communities expect certain licenses. The libraries that I released in Haskell were largely GPL licensed originally. BSD is the norm in that community, and I ended up relicensing several of them when I handed them off to other maintainers.

Part of it is that writing a good license is a lot of work and requires a fair understanding of international intellectual property law, so grab the GPL, slap it on, and call it a day. Those of us who lived through this fracas in the 1990's learned more about software licensing and intellectual property law than was probably healthy, and with that came a sense of "oh man, I have no idea how I would write that so it makes sense all over the world." For example, if you have an employee from a country that forbid labor unions, the 996.ICU license would prevent a company that had unionized employees from using the software. Or say that you have a country with a socialized healthcare system that forbids companies from providing supplementary healthcare as a benefit to employees. An employee from that country would force a US company to no longer provide health insurance to use 996.ICU licensed software. "Stricter" can go both directions.

Collapse
jimsy profile image
James Harton Author

Thanks for the refresher. At the time I was fully bought in on the GPL and what it stands for. The Ruby community loses it's shit if you license your code anything other than the MIT license, so these days I tend to use that.

You're right that writing new licenses will not be easy, however it seems to me that a framework like CreativeCommons might work where you have a base license and some optional clauses.