Should open source be ethical?

At present, software licenses that prohibit socially harmful or unethical uses cannot be considered open source. Should we change that?

Should open source be ethical?

The Open Source Initiative (OSI) is the governing body of the definition of what it means to be Open Source and which licenses are accepted as Open Source licenses. It coined the modern use of the term “open source” and maintains the Open Source Definition.

Right now there is a group of people who want to take over OSI and change the Open Source Definition to include ethical clauses. These clauses include things such as prohibitions on human rights abuses. Presently such licenses violate the Open Source Definition.

A brief history of open source

Open source is a fork of “free software.” Free software begins with an ethical basis, the four freedoms, which are loosely inspired by Franklin Delano Roosevelt’s “Four Freedoms.” The Open Source Definition (OSD) encodes the same rights as the four freedoms using different terms (read: longer-winded legalese).

One of the four freedoms, for instance, is freedom 0, “The freedom to run the program as you wish, for any purpose.” The OSD encodes similar ideas as “The license must not restrict anyone from making use of the program in a specific field of endeavor” and “The license must be technology-neutral.”

The Open Source Initiative was founded to maintain and propagate the OSD and the list of approved licenses. It has survived many controversies including the first wave of vendors trying to set up obstacles to cloud usage in “attribution licenses” (the most famous being the Free Software Foundation’s Gnu Affero license). And the most recent wave of vendors like MongoDB wanted direct prohibitions against others setting up cloud services. (MongoDB withdrew its Server Side Public License from the OSI approval process after it received negative feedback and thus MongoDB is not currently open source licensed.)

Despite the different definitions, almost all free software licenses are considered open source licenses and most open source licenses produce free software, with a few exceptions. Most of the disjunction are licenses that you’ve never heard of and the reasons in most cases are somewhat esoteric (read: who cares ‾\_(ツ)_/‾).

What about ethics?

Coraline Ehmke is a Ruby developer who created the Hippocratic License, which among other things prohibits using the software in a way that “violates human rights laws.” Ehmke also founded the ethical source movement around similar principles: “Creators have the right to prohibit use by individuals or organizations engaged in human rights violations or other behavior deemed unethical.”

At present, the Hippocratic License and any similar ethical source licenses cannot be considered open source. As mentioned, the OSD prohibits a license that restricts someone from using the program in a specific field or endeavor (as stated above). Such a license would not be considered free software either. Thus both the open source and free software movements protect your right to use said software to commit human rights violations.

To use an illustration ad absurdum, if someone wanted to use open source or free software to build a mass execution chamber, a free or open source license guarantees their right to use the software in this endeavor. That doesn’t mean it is legal to do so. Generally, field of use restrictions have a less dramatic history, such as when Sun Microsystems restricted various software from being run on mobile devices

A lot of this controversy stems from current American politics. The US Immigration and Customs Enforcement agency (ICE) has infamously put children in cages. This has incensed many people, including this writer. One open source developer has taken direct action against his former employer who does business with ICE. Presumably, ethical source licenses would prohibit ICE from using software protected by them.

However, there are other considerations. In the case of developers working on human rights and public good software, should they be required to allow people to use their software for purposes that they see as human rights abuses? As one such developer, Michael Downey, put it, “Great harm is already being done—right now—by the doubts cast on the reliability and stability of the OSD as a viable tool to ensure long-term viability of critical public goods for humanitarians orgs. They need that certainty of rights to sustain their work.”

Many see adding ethical restrictions as both impractical and redundant. Meaning that national laws generally supersede licenses. In countries that respect human rights, the license would be redundant. In countries that do not respect human rights, the license would be unenforceable in their courts. One aligned advocate suggests relying on international institutions, but international arbitration and legal bodies are not set up for such disputes and this would be cost-prohibitive for all but the deepest of pockets.

There are other detailed practical issues, such as a proposal to add a ban on Amazon’s use of a software package due to its contract with ICE persisting in perpetuity. In the past, there were pre-open source licenses that prohibited the South African police from using the software due to Apartheid. If Amazon discontinues its contract with ICE are they then unbanned? How does that take effect?

I asked OSI Vice President Josh Simmons about this. In his opinion, “It doesn’t make sense to modify the OSD to accommodate an unproven category of licenses. The OSD comes from the DFSG, which was written to describe an existing, and already proven, category of licenses.”

I’d also question whether the open source movement, which was constructed without ethical arguments, is the right place for an ethics movement. It is easier to imagine the free software movement adding freedom 4, “Freedom from Harm,” than OSI incorporating ethics when it was deliberately constructed without them. In fact, the inspiration for the Free Software Foundation’s four freedoms, FDR’s four freedoms, are the pillars of the Universal Declaration of Human Rights on which Emkhe’s ethical source Hippocratic license is also pinned.

In any case, adding a whole new class of licenses would complicate software development and the legal issues around open source. (Indeed many organizations ban the “attribution” licenses because they don’t want to deal with the technical and legal issues.) In the past, OSI has tried to reduce “license proliferation” as there are already a number of redundant or barely different licenses, which can be a pain for developers to manage. Many, including myself, question if this is the right forum or mechanism to force social change.

Changing the OSD

Ehmke seeks to run for an OSI board position to advocate for ethical source by changing the Open Source Definition to allow licenses with ethical restrictions. She has a passionate constituency who advocate for this change.

OSI is set up to resist change unless the vast majority of the open source community want it. The OSD has not been changed substantially since it was derived from the Debian Free Software Guidelines. As Simmons put it, “OSI has always worked to be a stabilizing force within open source, diligently reviewing licenses, weighing in on policy decisions, and working to stymie unnecessary license proliferation. As an organization that serves a broad coalition, OSI’s role is to focus on shared interests and consensus. If Ethical Source licenses mature, and consensus evolves, then this is a conversation we can revisit.”

To succeed Emkhe will have to win multiple board elections over multiple years, get additional surrogates to run (and win) board seats and convince a larger number of people in the open source community that this is a good idea. It seems unlikely, despite a passionate minority, to succeed.

An alternative

Ethical Source can exist without changing the OSD and in fact without OSI. The stark reality is that only organizations committed enough to deal with potentially thorny (read: expensive) legal issues and risks are likely to use licenses with ethical clauses even if OSI were to sanction them. If Ethical Source were established separately from OSI, then Ethical Source projects would be free to incorporate open source software with an Ethical Source result, while open source software wouldn’t be able to use Ethical Source components and have the result be considered open source.

However, many organizations would avoid Ethical Source licenses anyhow. So the benefit of the “open source” stamp on “ethical source” seems dubious—at least to me.

The milieu

If you just want to understand the issues at hand and you are not into the drama you can stop reading now.

Sadly a characteristic of arguing on the internet is to get frustrated and personally attack the people you disagree with. Eric S. Raymond, while a very influential person at the beginning of open source, has had a nasty habit of relying on vile ad hominem attacks and devaluing and degrading a person to get them to quit an argument. He’s done that here and been removed from the OSI mailing lists. Raymond seems not to understand that he doesn’t have a sacrosanct “right to be rude.” If so motivated, you can find what he said, I won’t link or repeat it here. You have a right to say whatever you like, but I also have a right not to publish or link to it.

For her part, Emkhe is running “against” OSI as much as she’s running for a board seat. In her attack (now deleted), she confused Richard Stallman, the founder of the Free Software Foundation with Eric Raymond and Russ Nelson. Stallman has never been involved in OSI and is ideologically (and ethically) opposed to it. The issues she brings up are over a decade old ( about the same time that Raymond ceased to be involved). And the Raymond issue was dealt with rather efficiently.

Another enthusiastic supporter suggested that OSI board members were “aligned with now-fascist-adjacent ancap libertarian [ideas] leftover from the founders.” And that those who disagree with the proposed reforms are “part of the problem.”

Radicals and iconoclasts tend to burn out, but the institutions can outlast them. People who behave repugnantly and have repugnant views can have some great ideas and do some great things. Well-meaning and even brilliant people can have some bad ideas. People that disagree with you are not automatically your enemy or your enemy’s allies. OSI as an institution, due to some of the governance reforms in the last decade, should be able to outlast them—just as it outlasted the participation of its early founders.

The OSI board election ends March 13, 2020. If you need a break from all of the drama of the other election going on... well, maybe this is just more drama.


Generally, I inline my disclosures but I have a few here:

  • Couchbase is my employer and produces both a proprietary and a community edition NoSQL database (with source released under an OSI approved license) that competes with MongoDB.
  • In the past, I served on the board of the OSI. I have long-standing personal and professional associations with some current and past board members. As a result of serving on the board, I’m an OSI member for life. I’ve not actively participated in OSI for several years now. While I could technically vote in this election, I do not intend to.
  • Before and during my tenure at OSI I advocated very strongly against so-called attribution licenses, which I feel spiritually if not practically violate the restriction on fields of endeavor and are difficult to define/enforce. These were intended to poison-pill cloud service providers. I also think they’re a terrible idea, and I think that has been borne out, but that is an article in itself.

Copyright © 2020 IDG Communications, Inc.