[License-discuss] Thoughts on the subject of ethical licenses
Gil Yehuda
gyehuda at verizonmedia.com
Sun Mar 8 20:25:14 UTC 2020
Coraline
I'll share my opinion, offered with respect and after considerable reading
and thinking about this. In order for the ethical source movement (ESM) to
succeed and be understood, I recommend taking much more control over
messaging.
In your email below you said you resent the us-vs-them framing and are
indicating here that the movement is shifting from that position. I suggest
you help people who are trying to figure this out. Many perceive ill
intent, and you tell them "I encourage you to do some googling on the topic."
so they stop creating strawman arguments to attack you. Very fair. But when
they search, they will find us-vs-them framing in ESM's materials. For your
message to work, you have to address this, and own this issue.
You have cautioned the use of dog-whistle terms such as "virtue signalling"
and I'll caution the same consideration with phrases like "*Open Source is
the playground of the privileged*" "*Open Source incentivises exploiting a
volunteer labor force*" and "*Open Source exacerbates existing injustices*"
which I take from the materials you shared with me as pre-reading to learn
about the movement. http://bit.ly/ethical-resources If these are no longer
representative of your mission, great. Please distance yourself from these
phrases and come to the OSI explaining that you see the folks here are not
here to exploit labor, exacerbate injustice, or play with our privilege.
We're here to to pursue what we consider a value. If you share the value,
then welcome.
Imagine the clergy who applies for a job and explains that he's a
wonderfully compassionate and charismatic leader who can fundraise, bring
more families to the congregation, and deliver a fantastic sermon. But when
asked, he admits that he actually sees religion as an antiquated way to
control people and get their money -- and he's written about it too. But he
reminds you that his sermons will really get the crowd on their feet.
Should the congregation hire him? What if he then says, "well, I'm in the
process of changing my views... and coming back to this religion..." ?
Another way to strengthen your message: Reconsider your response "But
taking a step back, would we even be having this conversation if the
(admittedly deeply flawed first version of the) Hippocratic License had not
been released last September? Had it not gotten so much press attention?
Had it not launched dozens of blog posts?" since it is framed as '*the ends
that justify the means*' -- which is a framing that I'm not sure is
consistent with the message ESM is trying to send. I think Ethical Source
is trying to convey that the *means* matter too. If the goal was to have
this conversation with the OSI, surely the framing of OSI as the antagonist
matters. '*But it worked*' is not your strongest response. 'I* see now that
OSI is not the problem, but potentially an ally and want to explore how to
make that work*.' is a much stronger way to present this.
> The OSD does not define open source, it defines the characteristics of
open source licenses. This is a critical distinction.
I don't understand the semantic distinction -- but that's OK, I'll think
about this carefully and maybe I'll get it. But I really don't see the
rhetorical strategy. On Feb 5, 2019 the OSI posted an affirmation of the
OSD that it is a codification of the term "open source" -- and if you
agree, great. If not, please clarify your point. Note I think it's ok for a
person to be against open source. But it's a tactical mistake to try to get
support from a group of people by disagreeing with their fundamentally
shared view (or at least appearing to).
The messaging around the ESM also needs improvement. The common example
I've seen in these discussions (within the ESM community) is paraphrased in
your email: *ICE puts kids in cages in concentration camps but they cannot
be sued for human rights violations. Palantir uses open source software.
ESM seeks to remind contributors to open source packages to connect their
ethical introspection about their open source work to Palantir, to ICE, and
to putting kids in cages. The movement then seeks ways to protect those
contributors from the ethical scar of being an unwilling profiteer of
wrongdoing. Thus ethical licensing solves a problem we previously (but
inadequately) solved by suggesting that open source authors don't take
responsibility for things they can't control such as the ethics of the
users of their code*.
I'd consider expanding the examples to things that are more obvious and
take less of a mental stretch. You see, at each point of the chain, you'll
get people departing. Some people reading this will ask maybe ICE's
policies are legitimate? If they were indeed violations, let them face some
international court. Palantir is an analytics company, do they sell cages?
How do I know if Palantir is using my software internally (when I can only
see the code they publish, not the code they use). etc. Each phrase will
get another group of people to drop off and at the end, you'll have a very
small following. That's odd in a world full of ethical challenges. Why not
pick examples that are more apparent ethical issues, perhaps related to the
software itself. This way you are not asking your followers to agree that a
particular *entity* is evil, but that a particular *use* is.
I think of the various certifications and declarations used in consumer
goods: Fair-trade, not tested on lab animals, 5% of profits donated to some
cause, for every pair of shoes, we donate a pair, organic (no-pesticides),
happy workers, employee-owned businesses, etc. And I wondered which of
these serve as analogies to the ESM. I'm not sure.
ESM's examples don't seem to point (or maybe they do? did?) to
sustainability of critical infrastructure projects by engaging in fair
trade or fair pay (which remains a concern, although the data indicates a
surge in open source contributions from employed developers -- so the image
of open source being all about volunteerism is changing). ESM is not a call
to unionize software developers. It's not even a call against using open
source in weapons. In its current manifestation it is an attempt to
discourage people who engage in human rights violations by threatening them
with copyright violations. That's very hard to rally around. I don't think
licensing is going to get the movement going to its potential goals.
I'm sure the ethical source movement is motivated by good intentions, but
is leveraging inadequate rhetoric to be compelling at this time. I
understand it's hard for busy volunteers to get this put together. I'd take
the time and relaunch when the message is clearer. I think the association
with OSI -- either to fix an antiquated movement, or request help to
establish new parallel but different movement, is not helpful to OSI. Not
when the ethical source movement is at such a formative stage that OSI
members can't really tell if this is or is not an attack. So my advice to
the OSI is to request the ESM to come back to the table when they have
their message more polished. It will be better for the ESM (they'll be
considered on the merits of their actual message, not their previous
rhetoric), and better for the OSI (who will be able to focus on the open
source movement, not on trying to help a different movement that is welcome
to exist, but does not share many of our fundamental values).
Gil Yehuda
On Sun, Mar 8, 2020 at 1:34 PM Coraline Ada Ehmke <coraline at idolhands.com>
wrote:
> On Mar 4, 2020, at 9:13 AM, Drew DeVault <sir at cmpwn.com> wrote:
>
>
> I have some thoughts of my own regarding the ethical licensing movement.
> I hope we can promote a more civil discussion among peers, rather than
> between opponents.
>
>
> I can’t tell you how glad I am to read those words. I am the first to
> admit that in the early days of the movement we took a very antagonistic,
> anti-establishment approach, but thanks in part to the efforts of
> individuals at the SFC and the OSI who had the wisdom and wherewithal to
> engage in good faith anyway, I feel like we are much better situated to
> have constructive conversations about the issues that are important to us,
> in service of finding a collaborative and mutually beneficial way forward.
>
>
> Firstly, I completely acknowledge the concerns of those who would put
> ethical clauses in their licenses. I believe that the values on display
> with these licenses are valid and worth fighting for. That being said, I
> don't believe that software licensing is the appropriate stage for this
> fight. I'll explain why, and I'll also share my thoughts on alternative
> solutions to these valid ethical issues.
>
>
> There is a strong contingent of people within the ethical source working
> group who agree 100% with this sentiment about licensing not being the best
> strategy. Although it is the most visible of our many initiatives, please
> rest assured that we are exploring a number of options to move the agenda
> forward.
>
> Even though I find problems with the ethical-source approach, I again
> find the ethical dilemma valid and worth addressing. Ethical-source is a
> desperate response to the increasing radicalism of world politics. Many
> advocates feel powerless to effect change in the world around them, as
> dissonant right-wing worldviews grow in public support. This leaves us
> frustrated, dejected, and desperate for solutions.
>
> Software licensing is a domain over which we have power, as software
> developers, to affect change. Contrasted with the powerless feeling we
> endure on the world's political stage, our power over the software
> ecosystem is a good feeling. We want to believe that by exercising our
> privilege in the software space, we can bring about the broader changes
> we want in the rest of the world, or at least insulate the software
> ecosystem against it.
>
> Unfortunately, it won't work. I know this sucks. I feel those same
> frustrations with the progress of world affairs. I feel equally
> powerless and desperate. This approach, however, amounts only to virtue
> signaling. There are better ways to signal your virtues, and better ways
> to deal with the problems that are facing us.
>
>
> I completely understand your position, even though I hold out hope that it
> might prove to have a positive impact. But taking a step back, would we
> even be having this conversation if the (admittedly deeply flawed first
> version of the) Hippocratic License had not been released last September?
> Had it not gotten so much press attention? Had it not launched dozens of
> blog posts?
>
> As an aside I also would like to caution you on the use of the term
> “virtue signaling”. I am NOT implying that this applies to you, but that
> term is something of an alt-right “god whistle” in very common usage in
> dark and hateful corners of the internet like 4chan, 8chan, some terrible
> communities on Reddit, and places like Kiwi Farms. It is commonly used to
> dismiss, imply insincerity or hypocrisy, and generally ridicule people
> working in the social justice space.
>
> That being said, taken without the culture baggage, what’s so wrong about
> "virtue signaling" if you think of it as “this person is publicly
> proclaiming a strongly held moral or ethical stance”? Don’t people have the
> right to make such proclamations without having their integrity challenged?
> In fact, shouldn’t we be encouraging that? Doesn’t it have inherent value?
>
>
> This doesn't mean that there is no place for ethics in your software
> projects. You shouldn't have to deal with racism, sexism, homophobia,
> transphobia, or any other kind of discrimination in your project's
> spaces. The maintenance of a healthy and inclusive community is an
> important role for a software maintainer to perform. Be vigilant, and be
> prepared to moderate discussions, eject bad actors, and provide a safe
> space for everyone. It's going to be hard work, and it won't be made
> easier by your choice of license.
>
> Just because a jerk (or substitute whichever rude word you prefer) can
> use your software doesn't mean that you're obligated to interact with
> them. You can ban them from your issue trackers, mailing lists, and
> chat rooms. You can reject their patches. You can even blackhole their
> IPs from your distribution servers. Tell them to fork off and die.
> You're still going to have to do this if you use an ethical software
> license.
>
>
> Adopting an ethical license, at worst, is a way of stating very clearly
> that you feel an ethical responsibility for the way your software is being
> used. The strong feelings evoked by, for example, Palantir using hundreds
> of open source libraries to help ICE put kids in cages are valid, and as
> you say, developers have very strong reactions to knowing that the code
> they so lovingly crafted and devoted so much of their time to is being used
> in this way. Developers feel helpless. And to date no organization that I
> am aware of has prioritized addressing this feeling of helplessness.
>
> That was the impetus for founding the Ethical Source Movement— we want to
> empower creators and reinforce the idea that BECAUSE of the impact of the
> software we create is so wide-ranging, we have a higher-than-average
> responsibility to ensure that our work is used for social good. The Ethical
> Source Movement comprises like-minded, concerned technologists looking for
> any and all tools and methods that will enable us to fulfill these
> responsibilities. There are going to be misses. There are going to be
> failures. There are going to be unintended consequences. The important
> thing is that we are coming together and trying. We’re prioritizing it when
> it seems that no one else is.
>
>
> Philosophy aside, the specific issues as I see them with the ethical
> licensing approach are:
>
> 1. Laws enforce themselves
>
> The Hippocratic License, for example, includes the following:
>
> The Software shall not be used by any person or entity for any systems,
> activities, or other uses that violate any applicable laws,
> regulations, or rules that protect human, civil, labor, privacy,
> political, environmental, security, economic, due process, or similar
> rights (the “Human Rights Laws”). Where the Human Rights Laws of more
> than one jurisdiction are applicable to the use of the Software, the
> Human Rights Laws that are most protective of the individuals or groups
> harmed shall apply.
>
>
> The problem is, licenses are held in force by laws, too. Human rights
> are already defended: by laws. Anyone who is prepared to violate *human
> rights* is going to have no problem ignoring your software license, too.
>
>
> I disagree on this point, which I see being made quite often (usually it’s
> more along the lines of “terrorists don’t care about licenses”. The
> activities that ICE engages in at its concentration camps are illegal but
> still being carried out by the government, and ICE cannot be sued for human
> rights violations. But to return to the example of Palantir: do you think
> their lawyers are going to even ENTERTAIN the notion of using software with
> an ethical license? Being sued for license violation is the least of their
> concerns. It would be a public relations disaster if it was discovered that
> they were using ethical source licensed software to support ICE.
>
>
> 2. It's difficult to comply with
>
> I maintain a project hosting forge, which is currently licensed with the
> AGPL. It provides git hosting, among other things. If I used the
> Hippocratic License instead of AGPL, would I be liable if someone hosted
> a project on my platform which violated, say, environmental laws? The
> license terms say that most stringent jurisdiction applies. Let's say
> for example that the electricity consumption of Bitcoin was made illegal
> under strict environmental protections somewhere, and I have users in
> that jurisdiction. If someone pushes the Bitcoin source repository to
> SourceHut, are they in violation of the SourceHut license? Am I?
>
> What if someone pushes GNURadio to SourceHut, and I have a user in the
> United States National Radio Quiet Zone?
>
>
> I think the language in 2.1 (coming out next week) will clarify this
> concern.
>
> 3. It's not open source
>
> This should be fairly obvious. Simply review the ESD and OSD:
>
> https://ethicalsource.dev/definition/
> https://opensource.org/osd
>
> Points 1 and 6 are the only ones which are not in *direct* conflict with
> the open-source definition. Ethical Source is tautologically not the
> same thing as Open Source.
>
>
> The OSD does not define open source, it defines the characteristics of
> open source licenses. This is a critical distinction. Not meaning this at
> all in an ageist way (I’m pushing 50 myself), the so-called “GitHub
> generation” does not, I believe, think of open source from a licensing
> perspective. The way the majority of them think of open source is
> experiential: “I am developing code in public, accepting contributions from
> other developers across the world, in the hopes that it will be useful to
> someone else.” For better or worse, for many people a license is just a
> drop-down you select from on a GitHub form when you create a new repo.
>
> This is part of the reason why I’m running for the OSI board: the OSI
> necessarily spends its incredibly insufficient budget on the mission of
> open source adoption by commercial entities, and (to the best of my
> knowledge) does little or nothing to support developers themselves. I think
> it has tremendous potential to do more for the average open source
> developer, given an adequate budget.
>
> Even if we disagree on software licensing being the appropriate venue
> for these battles, I don't believe that a hostile takeover of the
> open-source definition is an appropriate way to promote this viewpoint.
> A better approach is to put forward new definitions and terminology for
> the ethical-source movement to rally behind, and to not drag open-source
> advocates into it kicking and screaming. Any members of the open-source
> community who were brought into ethical-source without their consent are
> going to make for poor members of the ethical-source community.
>
>
> Hostile takeover is very strong language, and I believe a gross
> misunderstanding of my goal (speaking now for myself, not the movement.)
> The OSD was written in 1998 with some very specific goals. It has been a
> wild success. Open source is the glue, the infrastructure, the go-to
> toolkit powering the modern age of computing. Mission accomplished. But
> licensing via OSI-approved instruments is about the rights of users, not
> creators.
>
> don’t believe the OSD does much to serve the constituents of the open
> source community, the developers spending their precious free time putting
> all of themselves into code that they hope someone will find useful. Maybe
> the OSI shouldn’t concern itself with developers like that? That’s for the
> organization itself to decide. But I firmly believe that business-as-usual
> will lead to the increasing irrelevance of the organization, and I think
> that would be a tragedy and great loss.
>
> If I were to be elected to the board, I would push for two things related
> to the OSD:
>
> 1) Creating a mechanism for reviewing and, if need be, revising the OSD
> through a consensus-based mechanism that extended beyond the board and
> paying members of the organization
> .
> 2) Through this mechanism, I would advocate for revising the language
> around “field of endeavor” to close the extraordinary ethical loophole of
> “evil people deserve freedom, too.” (I can’t think of a single example in
> the modern world where “evil people” enjoy the same full set of rights and
> privileges as the rest of a community.)
>
> A contested merger of our groups would leave half of us feeling
> disenfranchised: if the OSD remains the same, ethical-source advocates
> feel unrepresented; if the OSD changes, open-source advocates feel
> unrepresented. This "hostile takeover" approach risks creates a
> community of fragmentation and infighting. In truth, almost all goals of
> the open-source and ethical-source movements are in alignment. By
> cooperating as separate entities, we can be more successful in promoting
> our shared goals, and compete only on our mutually exclusive goals.
>
>
> “Hostile takeover” is not a goal of the Ethical Source Movement. We want a
> seat at the table, and we’re trying multiple strategies to make that
> happen— including working as peers with the other members of the board. I
> believe the organization is strong enough and the proper parliamentary
> procedures are in place to prevent one or even two board members strongly
> aligned with the Ethical Source Movement from disrupting or abruptly
> changing the fundamental mission of the organization. Those one or two
> board members would, instead, represent a perspective that for too long has
> been ignored, and find ways to encourage our peers in the organization to
> consider the ethical implications of our mission and goals.
>
>
> I believe that this approach is going to weaken the open-source
> community before it makes it stronger. For this reason, I voted against
> Coraline in the OSI board member election.
>
>
> I believe the open source community is strong enough to handle these
> conversations. But that’s not completely in my control (despite the
> world-crushing powers that some of my critics ascribe to me ;) ). Over the
> past few months I have worked very hard to establish relationships and have
> civil conversations with the people who are dedicating so much of their
> time and effort to shepherding open source into the future. The working
> group that I created boasts members from both the OSI and the SFC.
> Sometimes I still react from a place of emotion and it comes out in ways
> that I regret, but for the most part I make a concerted effort to engage in
> the spirit of collaboration and shared concern.
>
> Framing matters. I am not an outsider to the open source community; I’ve
> been participating in open source since the early 2000s. Before that, I
> released software under the Artistic License back when I was a Perl hacker,
> and shareware before that. I have worked tirelessly for almost a decade to
> make open source more welcoming, inclusive, and diverse. I created the
> first code of conduct for open source communities, and it’s been adopted by
> tens of thousands of projects, including the entire open source portfolios
> of companies like Apple, Microsoft, Salesforce, and Intel, not to mention
> the Linux Kernel. I have mentored dozens of young people eager to join
> the open source community. And during my tenure on the board of Ruby
> Together, I launched a paid mentorship program called Ruby Me that helps
> aspiring developers get valuable experience by pairing them with
> experienced open source developers and paying both mentor and apprentice to
> work on open source projects. Like me or hate me, you can’t argue that I
> have *already* had a tremendous and positive impact on the open source
> community.
>
> Open source transformed my life and opened up opportunities to me that I
> never would have had otherwise. It is BECAUSE I believe so strongly in the
> promise of open source that I am engaged in the work that I am doing now.
>
> So I resent us-vs-them framing, even as I admit my own contribution to
> that antagonism early on. I’m hoping that we can move past adversity and
> come together to create the next great hack that ensures, in the words of
> Karen Sandler, that software freedom is ALWAYS in service to human freedom.
>
> —Coraline
>
> _______________________________________________
> License-discuss mailing list
> License-discuss at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20200308/f5115640/attachment-0001.html>
More information about the License-discuss
mailing list