SGI OpenVault

[Seth David Schoen]

Gabe Wachob writes:

> Seth David Schoen wrote:
> 
> > That paragraph is a lot worse than the Export Law Assurances paragraph in
> > the original APSL.
> >
> >    7. Compliance with Laws; Non-Infringement. Recipient shall comply with
> >    all applicable laws and regulations in connection with use and
> >    distribution of the Subject Software, including but not limited to,
> >    all export and import control laws and regulations of the U.S.
> >    government and other countries. [...]
> >
> > It requires compliance with _all_ laws of any jurisdiction, not just export
> > laws; depending on the legal definition of "in connection with", it might
> > discriminate against use of the software for an illegal purpose.  (So, for
> > example, it could then become a license violation to use this software to
> > help criticize certain governments.)
> 
> What criterion of the Open Source Definition does prohibiting use of
> the source code for illegal uses violate? The only possibility I can
> see is #6 (No Discrimination Against Field of Endeavor), but that
> seems to be a stretch for me.

That was the provision I was thinking of in this case, yes.

> Was the intent of #6 of the OSD to prevent licenses from restricting
> use to legal purposes? Is "all legal activities" a "field of
> endeavor"? (I don't think so, using "plain meaning").

No, "all legal activities" isn't a "field of endeavour".  But there _are_
fields of endeavour which are illegal.  Laws which prohibit particular
fields of endeavour are clearly discriminating against those fields of
endeavour.

Now, whether prohibiting particular fields of endeavour is good or bad
depends on questions of moral and political philosophy.

However, there is what's seemed to me like a pretty clear line of argument
against #including laws into licenses.  I wrote a very APSL 1.0-specific
version of that argument about a month ago:

http://www.loyalty.org/~schoen/apsl.html

There are much more generic versions of these arguments.  Continuing from
above, since the provisions of some laws are discriminatory, requiring
compliance with all laws is also discriminatory.  Requiring compliance
with a specific discriminatory law is also discriminatory.  Requiring
compliance with a specific non-discriminatory law is _not_ discriminatory,
but it doesn't cause as much controversy.

To go back to practical examples that many people are likely to agree on:
Singapore prohibits many kinds of speech, including many criticisms of its
government and laws.  Using software to produce or disseminate prohibited
forms of speech there would mean using that software to violate the law;
but why should this _also_ be a license violation?  Is it possible to call
software free when its license terms will not allow Singaporeans to use it
for free expression purposes?

I can actually be more concrete about this particular issue: Brian Ristuccia,
who posted the original list of problems with this license, happens to be
working on free software to defeat the censorship software that many
governments have set up.  Most governments that have done this have also
imposed anti-circumvention laws of some sort.  So Brian's efforts would
probably violate many national laws.

Now, what's the status of licenses which have the effect of prohibiting some
software package from being used in or in support of Brian's IANS project?

There are many more examples, with various associated degrees of
controversy.  But I think the general point that free software licensing
needs to be neutral or antagonistic, not supportive, toward discriminatory
laws, is clear.

> OSD6 needs more
> fleshing out on the web site (or has this been discussed before?) Is
> it the intent of the OSI that inclusion of a term which requires legal
> compliance in distribution and operation of the software renders a
> license non open-source?

Not having been around for the original discussion that created the DSFG,
I don't know exactly what examples of discrimination people had in mind
back then.  Bruce Perens suggested that a similar export issue had arisen
before (on SPICE and South Africa).

I would certainly hope that the answer to your question is yes, if these
provisions are open-ended.  I don't think that people have usually looked
at this sort of thing very closely, unless a license decided to mention a
particular law.  But it's definitely my opinion that a broad provision
like "Users of this software must follow the law" ultimately makes something
non-free, because it incorporates all laws by reference.  That includes
possible bad laws which may be passed in the future, and so the software
authors are giving up a lot of power by implicitly trusting that all
legislation everywhere in the future will always respect freedom.

The GPL, for instance, saw fit to insist that legislation could _not_
absolve people from their responsibilities under it just because that
legislation made it difficult or inconvenient to do so.

> That would seem to be a large obstacle for a large commercial entity
> wishing to open source their software.

Wow, you should have seen publicsource at lists.apple.com when Bruce Perens
posted his objections to termination clauses there!  People were alleging
hatred of (and conspiracies against) corporations left and right.

The basic situation was that a few people, especially Bruce, suggested
that there were some problems in the APSL that made it fail to be free
software.  The reaction of many Apple supporters was to insist that we of
the free software community had unreasonably high standards that no
corporation could possibly meet.  Some people then insisted that free
software people needed to be "realistic", and the version of "realistic"
they had in mind was something like "modifying the OSD according to
corporate lawyers' wishlists".

I don't mean to be too harsh toward Apple supporters.  But there was a
very large difference in outlook.  Many Apple supporters seemed not to
think that publishing free software could have associated risks or
inconveniences.

> These large companies have presences in many nations whose laws
> are very different from the U.S. and don't want to be punished by
> these foreign governments for releasing software which is considered
> "illegal". Terms like the present one explicitly shift the risk of
> "illegality" of the underlying software onto the licensee (the end
> user).

No, they make the "illegality" a license issue.  So, if you broke the law
originally, you were just in trouble with the government.  Now, if you
break the law, you're in trouble with the government _and_ the software
author.

Free software authors are free to disclaim responsibility and liability for
illegal uses of the software.  If they go beyond that, they're _helping
enforce_ laws.

> If China comes along and says that SGI can't give out that software
> in China because its illegal, then all SGI has to do is withdraw the
> license for those users in China and demand that end users stop using
> it. SGI simply says "you violated a term of the license, license
> terminated".

In that case, I think the software in question is clearly not free.

If countries want to punish people who don't help enforce their laws, then
that's a risk of living or doing business in those countries, not a reason
to help them enforce their laws.

In the US, there's theoretically some degree of legal protection against
"compelled speech".  If I sell pens and paper, I'm not obliged to give
long speeches to my customers on the evils of abusing those office supplies
by making pornographic drawings.  They don't even have to promise me that
they're going to use the paper for legal purposes; that's between them and
the government.

In other countries, the situation may be different, but it's hard for me
to imagine why the OSI should endorse licenses that help governments take
away people's freedom.

> If this term wasn't in the license, then SGI might have to spend more
> money litigating (they might have to anyway, mind you) the issue --
> they'd probably win anyway (who knows), but having the explicit term
> lays out the risk allocation so that the end user understands better
> what is going to happen.

But there's a difference between attributing risk to users (NO WARRANTY,
etc.), and attributing control to governments.

Free software licenses and distributions can put as many disclaimers as
they want.  It's a tradition to fill a license with loads and loads of
disclaimers, and they really do make sense for free software.  But there's
a qualitative difference between a disclaimer of liability and a restriction
on someone's actions.

I suggested in a discussion of the old APSL, as an example, an honorable
user who believes in either intellectual property or contracts (or both),
and who disbelieves in some law in his jurisdiction and does not intend
to obey it.

Writing that law into the license significantly changes the situation for
this user.

> Now, this argument might be counter to the principles of the Open
> Source Definition, but we must remember that companies like SGI are
> doing this not for the public good (they could get sued for that), but
> because of the business case it makes for them. I would argue that a
> term like this reduces risks and makes that business case better and
> thus is beneficial for opensource (balancing, of course, against the
> increased restrictions on use of software it imposes).

I believe that the fact that such considerations appear at all is unfortunate.

As things stand, if anyone's not interested in following the principles
expressed in the OSD, they don't have to.  If they do, they get certain
benefits, ranging from helping humanity to a warm fuzzy feeling to publicity
to the goodwill and possible co-operation of various developers who also
like those principles.

> I'm not saying the wording is perfect, just that the intent of the term is
> important.

Ah, the wording in that license is a mess anyway. :-)  Wording is just a
temporary consideration; "the letter killeth, but the spirit giveth life."

> > The clause which requires people to follow "all export and import control
> > laws" is ambiguous, and could be construed as a bizarre inclusion by
> > reference of _all_ trade laws in the entire world.
> 
> Actually, I think its straightforward and thats exactly what it intends to do.
> Its another case of SGI covering its rear end. These are fairly standard
> traditional license terms.

I'm talking about extraterritoriality.  The way it's phrased right now, you
can read it as saying that I'm expected to follow Ugandan trade laws when I
use this software.

-- 
                    Seth David Schoen <schoen at loyalty.org>
      They said look at the light we're giving you,  /  And the darkness
      that we're saving you from.   -- Dar Williams, "The Great Unknown"
  http://ishmael.geecs.org/~sigma/  (personal)  http://www.loyalty.org/  (CAF)