[License-discuss] in opposition of 'choice of law' provisions in FOSS licenses

[Bradley M. Kuhn]

Richard Fontana wrote at 18:28 (PST) on Tuesday:
> The FSF presumably did not see the presence of a choice of law clause as
> raising an inherent free software problem (as they recognized licenses
> like MPL 1.1, EPL 1.0, and the QPL as free software licenses)

I can speak to that, since, while I no longer have any affiliation with the
that the FSF (since 2019-10), I was involved in FSF's (admittedly very
opaque) license approval process at the time when all those licenses above
were determined to be “Free Software” licenses by the FSF.  FSF
contemporaneously (and somewhat aggressively) lobbied most of those folks to
not include and/or remove “choice of law” clauses.  FSF struggled over
approving those licenses with “choice of law” clauses.  The internal
discussion centered around concerns similar to those I was raising in the
license-review thread about the so-called “Open Logistics License” — that
one bad decision in one of those jurisdictions could invalidate the whole
license, and that was dangerous.

You'll note that FSF never *recommended* that people license their own
software under those licenses — rather, the determination was about whether
you could safely copy, modify, and redistribute the software in freedom
under those licenses if you were presented with software under them.  This
is an important nuance, and in fact, I remember the day I assisted in
writing the text for the QPL for the license-list that attempted to
communicate this nuance, as I recall it was the first time we had tried
since I started the FSF license-list back in the 1990s, to really
communicate with some clarity that the QPL was “barely” a Free Software
license and as such was acceptable for inbound use but should be avoided as
an outbound license whenever possible.  (I also recall that there was a
previous QPL that was straight-up non-Free before that, BTW.)

I *do* think license evaluation authorities have a duty to give that nuanced
assessment: some licenses are “barely acceptable” and as such folks
shouldn't avoid FOSS under them, but that ruling should come with a clear
and unequivocal recommendation that all parties avoid licensing future
software under those licenses when possible.

Indeed, I think one of the problems with the OSI license review process is
that that these important nuances is almost entirely lost is OSI's approval
process. (I'd however agree that historically the FSF probably erred on the
other side — being rather overly-obsessed with communicating the nuance such
that the main message was itself sometimes confused).

<https://opensource.org/licenses-draft> is an interesting approach to this
problem (although the idea that OSI expresses there that you need to hire a
lawyer fits with my concerns about the statements OSI's former Executive
Director and General Counsel (Larry Rosen) is currently making (see
below)). <https://opensource.org/licenses/category> is a good start, but,
speaking as someone who served as an invited outside party on the original
License Proliferation Committee (i.e., the ad-hoc one that existed before
the one whose report is at <https://opensource.org/proliferation-report>), I
find the fact that most of the vanity licenses aren't consider
“proliferation” is odd and curious.  (It's particularly interesting that
Microsoft (which currently has two of its representatives on OSI's board)
has been able to keep its obviously-proliferation licenses on the
“Uncategorized Licenses” section rather than the “Non-reusable licenses” or
section.)  Also, the category of “International Licenses” (where many of the
“choice of law”-including licenses are listed) makes it sound like those are
preferred for international work, and nowhere else on the page does OSI even
acknowledge that all the licenses "popular and widely-used or with strong
communities" are generally *all* drafted to operate internationally.

I'd probably have a lot fewer complaints about the “choice of law” situation
if OSI had a clear statement on its position on “choice of law” and why it
encourages people to use FOSS licenses that a “choice of law” clauses
despite the downsides.  Such a document could and should even discuss the
upsides that OSI sees about “choice of law”.

I think the problem stems from the fact of something that all license
evaluators (OSI, FSF, Debian) had done poorly: all these orgs treat license
evaluation as a discrete activity whereby big issues related to specific
planks that appear in FOSS licenses are only studied and considered when a
license is published that attempted to use those planks to reach some policy
goal.  By that point, the parties that wanted to chase that policy goal were
entrenched, they had their talking points all ready to go, and the orgs, all
of whom have limited resources, faced well-funded lobbying campaigns.  IMO,
this was the root cause of vanity licenses to begin with.

In other words, the license evaluators seem as if they operate like Courts,
but as Fontana and I have been saying, none of them have the kinds of
procedures that Courts do to find their own errors and biasses.
Furthermore, the political processes that decides “quis custodiet ipsos
custodes?”  are woefully inadequate, and that is admittedly as true for FSF
as it is for OSI in this regard.  (Debian is IMO slightly better since it is
an international democracy, but the political structure that the ftp-masters
have ultimate control over license decisions — and there is no appeal
process other than GR — presents different problems.)

Pamela Chestek wrote at 22:01 (PST) on Tuesday:
>> There are many licenses that either name a specific jurisdiction, will
>> have a specific, named jurisdiction once you know who the licensor is, or
>> allow the licensor to unilaterally choose a jurisdiction:

Pam, thanks for going through and finding all the OSI-approved Open Source
licenses that have a “choice of law” clause.  Of these licenses with “choice
of law” clauses that you've found, I see that there are 17.  Eleven of them
(more than half) are pure vanity licenses for specific entities.  Two more
(CDDL and CPAL) were both approved when OSI had no conflict of interest
policy, and folks involved in the license drafting were in major leadership
roles at OSI (i.e., Sun employees re: CDDL, and OSI's General Counsel Mark
Radcliffe re: CPAL).  While there are a remaining four that aren't pure
vanity licenses, I believe that VanL's license was written for a single
client that paid him to do the work (so it is a vanity license, just not
named after the client), and I suspect the others are similarly
single-organization licenses without widespread consensus.

Furthermore, on another vector: only *three* of these seventeen licenses
(and all three of those are pure vanity licenses) have a “choice of law”
that names a very specific jurisdiction, as opposed to naming something like
“jursdicition of the Licensor”.  I know this discussion isn't supposed to
happen on license-review (as OSI has cut off any further discussion about
concerns for choice-of-law for Open Logistics) but this speaks the fact that
there is basically *no* real precedent for the “Open Logistics License”
choice of law clause to be tied to a specific jurisdiction.

Anyway, as discussed above, I don't think precedents are all that meaningful
in a system that that has had a poor process and checks/balances for most of
its history, and *still* has absolutely no appeals process whatsoever.

Fontana wrote further:
> (2) the indication that approval was based not merely on satisfying the
> letter of the OSD but also on establishing that the proposed license would
> provide software freedom -- the latter has been severely criticized by
> some people though.

… but I also don't think that the OSI has actually taken that issue to
heart.  It seems to me that the OSI remains focused on a “barely satisfies
OSD standard” for license approval, and doesn't communicate nuances about
software freedom and rights with regard to specific licenses.

(Again, I state for the avoidance of doubt that despite these important
criticisms, the OSI is now doing a much better job here than the FSF on
transparency, and I credit Pam primarily for that.  I wouldn't (and didn't)
bother to engage if (and when) I thought the process and meta-process failed
to be open and fair.)

 * * *

Meanwhile, Lawrence Rosen wrote at 19:48 (PST) on Tuesday:
>> Brad[ley] has the illusion that his opinions about licenses (and
>> currently about jurisdictional clauses in licenses) qualifies him to
>> disapprove existing and already-approved licenses.

Larry, I never expressed such a representation about my qualifications.
Please cease with specious ad hominem statements.  I respond below to them
for the record so that your harsh and false words aren't left to stand for
the record, but I truly hope you don't come back with more personal attacks.
I don't think such personal attacks help the FOSS community or the readers
of this list and its archives.

>> He [Bradley Kuhn] is no expert on the legal issues of licenses in the US
>> and other countries.

Of course, I'm an expert, Larry; just as you are.  I think this community
errs when it assumes that only the opinions of lawyers are valid expertise
regarding FOSS licenses.

I state this for anyone who is a FOSS contributor who is intimidated by
these kinds of statements above that lawyers routinely make in these kinds
of discussions: Even if you're not a lawyer, if you've worked hard and
studied FOSS policy carefully and participated in FOSS communities, your
opinion on FOSS legal and policy issues *matters*.  The only activity that
you (as a non-lawyer like me) cannot do with regard to legal issues in FOSS
is *represent a client* or *give a client legal advice*.  Lawyers sometimes
will often tell you that your knowledge about FOSS policy is meaningless
because you haven't gone to law school.  Don't believe them when they tell
you this.  It's akin to folks with computer science degrees telling software
developers who didn't get a CS degree that they can never be good software
developers, even after decades of experience.

>> He [Bradley Kuhn] certainly is not a lawyer whose opinions matter over
>> those of actual lawyers in some magical way. Any court would say so and
>> shut him up.

First, I've seen many courts in FOSS licensing litigation to tell the
lawyers who are actually *representing* the litigants to cease speaking when
they're off-topic or saying something incorrect, so I don't think a Court
telling anyone to be quiet is dispositive about their expertise.  I have
never seen a Court tell someone to “shut up”, as Courts are almost never
rude and abusive — even to the worst of those who appear before them.  (I'm
sure it's happened in history that a Court has said “shut up”, but it's
surely a rare occurrence.)

Second, the interesting thing is that those of us who are *not* lawyers can
actually appear as an expert witness in cases (which, for example, I did, in
SFC's BusyBox litigation).  Typically, lawyers *can't* also appear as
experts in cases — at least in the USA.

I can assure you, Larry, that Judge Scheindlin in the USA SDNY didn't tell
me to “shut up” when I filed my expert report in the BusyBox case — even
though the Defendants lawyers tried really hard to convince her to do so: ☺
https://storage.courtlistener.com/recap/gov.uscourts.nysd.355978/gov.uscourts.nysd.355978.212.0.pdf

> For what my own limited opinion is worth, I certainly do not delegate
> to him, nor to the OSI board of directors, the right to retroactively
> disapprove my own licenses along with my own carefully-considered
> jurisdictional provisions.

Of course, I didn't suggest anyone to delegate to me.  But, of course,
anyone who has ever submitted a license to the OSI for approval delegates to
the OSI about whether or not their license appears (or continues to appear)
on OSI's own list.  It's *their* list; they can make whatever rules they
want regarding how and when licenses are listed or delisted as “Open
Source”.

What I've suggested is there be an appeals process to OSI's decision, that
interested parties should have a right to avail themselves of.  I also
argued that anyone who has an interest in FOSS licensing outcomes or
copying, modifying and redistributing FOSS should have standing to bring
such appeals.  I'd be glad to debate whether my suggestion on standing is
too broad, but the current standing constraints for delisting — that only
the license steward has standing — is (in the opinion of many) too narrow.

>  the OSI have ONLY the authority to determine whether licenses satisfy the
> Open Source Definition AND NOTHING MORE.

The OSI obviously also has the ability to modify its OSD, or anything else
it chooses to do — as long as its fitting with the charitable mission they
filed in their Form 1023.  Are you arguing that their Form 1023 bound them
to these specific set of tasks you list — and nothing more?  I suspect you
may have been the one who filed OSI's Form 1023, so you can likely speak to
that authoritatively for us.

  -- bkuhn