Oct 15, 2019
Ethical Open Source: Is the world ready?
By Lisa R. Lifshitz
Given its incredible popularity in the marketplace, there is no question that many software developers (and their respective companies) today see great value in using software that is subject to open source licenses. Users focus on the advantages to be had by gaining access, usually at no or minimal charge, to the software’s source code and to the thriving open source community supporting such projects.
Powered by a worldwide community supporting the code base, open source code is generally perceived to be more reliable, robust and flexible than so-called proprietary software, with increased transparency leading to better code stability, faster bug fixes, and more frequent updates and enhancements.
Historically the question of ethics and open source software (OSS) has mainly focussed on the goal of obtaining and guaranteeing certain “software freedoms,” namely the freedom to use, study, share and modify the software (as exemplified by the Free Software Definition and copyleft licenses such as the GPL family), and to ensure that derivative works were distributed under the same license terms to end “predatory vendor lock-in.”
Most users of OSS have been content to rely upon OSS licenses (many less restrictive than the GPL), that are approved and maintained for the ‘good of the community’ by the Open Source Initiative (OSI), a California-based public benefit company that sees itself as the steward of the cause. OSI is the creator (and proponent) of the Open Source Definition, a detailed document that sets out the central tenants of certain OSS philosophy —including requirements of free distribution, distribution of source code, integrity of the author’s source code, code not specific to a product, license to be technology-neutral, etc. —governing which OSS licenses can be labeled with the open-source certification mark, the OSI “seal of approval.”
However, the open source status quo is increasingly being challenged by a number of developers who are unsatisfied with the current state of ethics in open source. These individuals advocate a more activist approach to ethics by creating new OSS licenses that contain deliberate moral clauses that most certainly contravene the current Open Source Definition. Three such licenses will be briefly discussed, followed by analysis as to likely next steps.
1. The Hippocratic License. This license was created by Coraline Ada Ehmke, author of the Contributor Covenant, an open source code of conduct created in 2014 that has been adopted by over 200,000 open source projects and organizations, including Linux and Salesforce OSS. More recently Ms. Ehmke founded the Ethical Source Movement, creating the Ethical Source Definition. Released on September 22nd, the Hippocratic License is a modification of the popular MIT OSS license, freely acknowledging that that it is “derived from the MIT License, as amended to limit the impact of the unethical use of open source software.”
In additional to the usual terms, the license contains a new clause that states that “The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights.”
On September 23rd the OSI responded (via Twitter) less than glowingly to the release of the Hippocratic License, complaining that the “intro to the Hippocratic Licence might lead some to believe the license is an Open Source Software licence, and software distributed under the Hippocratic Licence is Open Source Software. As neither is true, we ask you to please modify the language to remove confusion.” On the same day, OSI co-founder Bruce Perens wrote a detailed blog post that attacked the license as simplistic and contradictory containing terms “simply far more than could be enforced in a copyright license.” Spirited dialogue has ensued involving Ehmke and other open source community users, and the license is pending further legal review.
2. The Anti-996 License. First published in April 2019 by J.D, University of Illinois, College of Law and Suji Yan, CEO of Dimension, the "Anti 996" License Version 1.0 is another variation of the MIT OSS license, this time requiring users of the project's software to comply with local labour laws as well as International Labour Organization standards (including the right for workers to collectively bargain and a ban on forced labour).
The name ties into the so-called “Anti-996 Movement” which references the 9 am to 9 pm, six days a week work schedule prevalent in China’s technology and other industries. Specifically, Section 2 of the license requires individuals or legal entities to “strictly comply with all applicable laws, regulations, rules and standards of the jurisdiction relating to labor and employment where the individual is physically located or where the individual was born or naturalized; or where the legal entity is registered or is operating (whichever is stricter). In case that the jurisdiction has no such laws, regulations, rules and standards or its laws, regulations, rules and standards are unenforceable, the individual or the legal entity are required to comply with Core International Labor Standards.”
Section 3 of the license prohibits individuals or legal entities to induce, suggest or force its employees, whether full-time or part-time, or its independent contractors, in any methods, to agree in oral or written form, to “directly or indirectly restrict, weaken or relinquish his or her rights or remedies under such laws, regulations, rules and standards relating to labor and employment as mentioned above, no matter whether such written or oral agreements are enforceable under the laws of the said jurisdiction.” The license also prohibits employees or independent contractors from reporting or complaining to the copyright holder or relevant authorities monitoring the compliance of the license about its violations of the said license.
While the code repository and software collaboration platform GitHub quickly published lists of companies requiring its employees to work these draconian hours, the organization now also hosts a “955 List” of companies where workers are not required to work overtime, as well as the more than 100 projects that have adopted the Anti-996 License to date.
3. The “Just World License” (or Do No Harm License). The preamble for this OSS license states that the Just World License is for developers who agree in general with the principles of open source software, but are “uncomfortable with their software being used as part of efforts to destroy lives, our environment and our future…In short, developers who use this license want their code to contribute to a just world for all.” Released in 2018 as the Contributor Covenant (pre 1.0), available at https://github.com/raisely/NoHarm, this license is based on the BSD 3-clause license, but with specific exclusions for using licensed code to promote or profit from: (i) violence, hate and division; (ii) environmental destruction; (iii) abuse of human rights; and (iv) the destruction of people’s physical and mental health.
Accordingly, the scope of the prohibitions are very broad and detailed; for example, the software cannot be used by any organisation, website, product or service that lobbies for, promotes, or derives a majority of income from actions that support or contribute to sex and other human trafficking, slavery, indentured servitude, gambling, tobacco, adversely addictive behaviours, nuclear energy, warfare, weapons manufacturing, war crimes, violence (except when required to protect public safety), burning of forests, deforestation, hate speech or discrimination based on age, gender, gender identity, race, sexuality, religion, nationality. Companies or individuals that lobby against, or derive a majority of their income from actions that discourage or frustrate peace, access to the rights set out in the Universal Declaration of Human Rights and the Convention on the Rights of the Child, peaceful assembly and association (including worker associations), a safe environment or action to curtail the use of fossil fuels or prevent climate change, or democratic processes are also precluded from using the software.
There are currently no projects on GitHub listing the use of this license and the accompanying note states the “License is currently in draft and should be considered not stable” but that the developers are “working towards a version 1 of the license.”
The Value of Ethical OSS Licenses and Next Steps. Support for so-called ethical OSS licenses is not universal amongst the OSS community and it not surprising that the recent release of the Hippocratic License has engendered its fair share of bricks and bouquets. Given accusations by Emke that the OSI has prioritized software freedom over ethical concerns, it was predictable that the OSI would essentially assert that the Hippocratic License is not certifiable as a legitimate OSS license (presumably because it fails to pass two critical Open Source Definition requirements, namely numbers 5 (No Discrimination Against Persons or Groups) and 6 (No Discrimination Against Fields of Endeavor). Many ethical licenses may fail on these grounds, particularly the requirement that an OSS license must not restrict anyone from making use of the program in a specific field of endeavor, such as a particular business, or from being used genetic research by way of example.
Critics have also been quick to point out the challenges of ethical OSS licenses: enforceability, for one (at worst a license can be “revoked,” but it may be difficult to force anyone to actually change their behaviour or stop using the code), and practicality (who gets to decide what is an “adversely addictive behaviour”?). At the same time, ethical OSS pundits such as Chris Jenson have argued that the GPL was and is also rooted in a strong ideological viewpoint (software should be free, as in speech) and while such views are now widely accepted, “when it first appeared it was a very new and strange idea about licensing software, and was met with a lot of resistance.”
Moreover, many would assert (myself included) that the real value of ethical OSS licenses is that they are inherently disruptive by bringing attention to these ethical issues, challenging the status quo (including the Open Source Definition), and spreading the idea (in Jenson’s words) that software “should be used for the betterment of the world” and that “as developers we can take responsibility for how our code is used.” It ultimately may not matter if such licenses gain “official” certification, and the approval of organizations such as the OSI if they otherwise have an impact.
Arguably the more narrowly drafted ethical OSS licenses, such as the Anti-996 License, stand a better chance of being voluntarily adopted (in comparison with the sprawling Just World License); and the fact that so many code projects and companies appear to have adopted the Anti-996 License to date is impressive.
Notwithstanding its initial protests, even the OSI may eventually be forced to reconsider and update its OSI Definition, given that the document dates back to the 1990s (an eternity in tech years). In an age of increased technology worker activism, where U.S. employees have successfully pressured their employers to cease certain kinds of work for the U.S. military (e.g., Google’s aerial drone imagery analysis), ICE and U.S. Customs and Border Protection, it may be difficult to fully ignore the potential impact of ethical OSS.
Only time will tell whether certain of the ethical OSS licenses will succeed or fall into obscurity.
This article was originally published in Canadian Lawyer magazine.