A Six-Month Retrospective on Ethical Open Source

The open source community has a strong desire to evolve, and if necessary, to redefine itself, to ensure that it can address the magnitude and complexity of today’s social, political and technological challenges.

by Coraline Ada Ehmke on April 16th, 2020

The Parable of the Locksmith

Photo of a large, locked safe in the grass.

Photo CC-BY Will Folsom.

The parable of the locksmith presented here is based on a thought exercise proposed in the 1960s by Edmund Berkeley, early computing pioneer and founder of the Association for Computing Machinery (ACM).

“One day, a mysterious stranger walked into a locksmith’s shop. The locksmith had never seen this man before, but he could tell from the way he was dressed that the stranger was well-to-do. He came to the locksmith with a proposition.

“‘I have a job that needs doing, and it requires someone with your highly specialized skills,’ he said. ‘I’ve done my research and you are one of the smartest and most capable locksmiths I’ve ever heard about.’

“He felt very flattered, and more than a little intrigued. The man continued.

“‘I want to hire you to open a certain safe. Never mind whose safe it is—that’s none of your concern. Just do the job I hire you to do, and I will make you rich beyond your wildest dreams.’

“The locksmith was excited at the proposition of such a lucrative job, but also a bit nervous about not knowing who the safe belonged to. It seemed suspicious.

“The stranger went on. ‘There are certain conditions you will have to agree to. First of all, I will blindfold you and take your phone before bringing you to the safe’s location. And you can never tell anyone that I hired you.’

“This struck the locksmith as very odd, but he thought about what the man had said about making him rich. He felt like he had struggled all his life, but was never properly rewarded for the hard work he put in day after day.

“The stranger continued, ‘You can have all the tools you need to do the job. The very best tools. I will spare no expense. If there’s something you need that you don’t have, I will buy it for you.’

“‘Take your time. I’ll be back tomorrow for your answer.’

“Despite his hesitation about the nature of the job, the locksmith spent all night thinking about his crummy apartment, his shabby furniture, his daughter’s dream of one day going to college. From the beginning, his family had learned to scrimp and save just to get by. ‘Anyway,’ he thought to himself, ‘if I don’t take this job, he’ll just go to another locksmith. The second-best locksmith.’ He smiled to himself.

“The next day, when the stranger returned, the locksmith agreed to take the job.”

Keep the locksmith in mind. We’ll come back to him.

Life in times of open source

Since the term was coined by Christine Peterson[1] in 1998, open source has grown from humble origins to power nearly the entire internet.

Coalescing around the ideal of software freedom, over the past 20 years the open source community has come to thrive, enjoying wild success and permanently changing the technology landscape.

But the world has also changed in the past two decades, and the ethical stakes of technology are higher than ever. The open source community has a strong desire to evolve, and if necessary, to redefine itself, to ensure that it can address the magnitude and complexity of today’s social, political and technological challenges. Yet custodial organizations like the Open Source Initiative, backed by corporate open source interests, are working against this evolutionary force.

Today, the same open source software that enriches the commons and powers innovation also plays a critical role in mass surveillance, anti-immigrant violence, protester suppression, racist policing, the use of cruel and inhumane weapons, and other human rights abuses all over the world.

Software freedom at what cost?

As 2018 bled into 2019, horrifying details of the treatment of asylum seekers at the United States border with Mexico started getting mainstream attention. Some software developers were beginning to wake up to the idea that they might be somehow complicit. After all, both the ICE and Border Patrol agencies were literally committing atrocities using the software that the open source community produced[2].

For many, the moment of awakening came on September 20, 2019 when Shanley Kane (editor, Model View Culture) tweeted[3] about Chef’s contract with ICE. The revelation came as part of an ongoing nationwide campaign calling out complicity among tech companies, organized by ConMijente under the hashtag “#NoTechForICE”.

One engineer who read that tweet, Seth Vargo, did in fact feel complicit. He had previously worked for Chef, and was the creator of a number of open source tools designed to help other developers integrate with Chef’s software. He realized that his former company was unapologetically[4] aiding and abetting human rights violations, and they were doing it with his code.

Vargo deleted his source code from GitHub and pulled his libraries from RubyGems. As a result, builds and deploys across the planet started failing.

How did the open source establishment react to this dramatic act of conscience? Chef claimed intellectual property rights over the open source code that Vargo had produced. GitHub restored the deleted repositories under Chef’s namespace within hours. At the insistence of the company’s lawyers, even the Ruby Central board agreed to assign Chef the namespace for the yanked libraries on RubyGems.[5]

At the original URL for the Chef Sugar repository, Vargo has a repo that is empty except for one file, a README that says:

“I have removed my code from the Chef ecosystem. I have a moral and ethical obligation to prevent my source from being used for evil. I apologize for the disruption to your workflow. I will be happy to restore the old repository and gem versions if Chef cancels their contract with the agency.”[6]

The rising Ethical Open Source revolution

Two days later, on September 22nd, I launched firstdonoharm.dev. The site declared,

“Politics and software are so entangled that they cannot be reasonably separated. There is no neutral position. You can’t build systems that are being weaponized and take no responsibility for them.”[7]

The site introduced the Hippocratic License[8], an MIT derivative open source license under which code cannot be used for committing acts in violation of the United Nations Universal Declaration of Human Rights.

Within 2 weeks, the Ethical Source Movement came online. On our website we proposed that the open source community had outgrown its prime directive of absolute software freedom—the ability to use the software for any reason, without restrictions.

The Ethical Source Movement site describes our mission this way:

“We are creating ways to empower developers, giving us the freedom and agency to ensure that our work is being used for social good and in service of human rights. We are building tools to enforce fair, ethical, and community-minded terms for those who benefit from our work. We are united in our conviction that software freedom must always be in service of human freedom.”[9]

In a few short weeks, what began as a single tweet was becoming an existential threat to the open source establishment. Even mainstream news outlets like The Atlantic[10] started publishing pieces describing the emerging conflict between the purist software freedom advocates and the open source developers who believe that they bear ethical responsibility for their code.

The Ethical Source Movement started to take shape, and I began exploring different ways of bringing the issue of software developers’ ethical responsibilities to a wider audience.

In October 2019, I published the Ethical Source Definition[11], an alternative to the Open Source Definition, the founding doctrine of the Open Source Initiative. The latest version of the ESD is the product of collaboration among working group members. It lays out the parameters under which an open source project can be considered Ethical Open Source: it must benefit the commons, be developed in the open, foster a welcoming and just community (with an enforced code of conduct), put accessibility first, and protect user privacy.

By November, I had formed a formal Ethical Source working group, bringing together over a hundred intellectual property experts, lawyers, major open source project maintainers, and tech activists to collaborate on strategies for shouldering the ethical responsibilities of technologists.

January 2020 saw the launch of our controversial “Icebreaker” web site[12], which documented, by language, all of the thousands of open source libraries that the ICE software contractor Palantir uses.

In February, at the CopyleftConf in Brussels, I delivered an incendiary talk called “The Rising Ethical Storm in Open Source” as a formal introduction of the principles of Ethical Source to the mainstream open source community.

In March, in collaboration with a pro-bono legal team, I released a stable version of the Hippocratic License (2.1). March also saw me and Tobie Langel, a working group leader, run for seats on the Open Source Initiative board. Although we lost our election bids, our platforms garnered support from 35% of the organization’s voting members.

All of this happened within six months of Shanley Kane’s tweet and Seth Vargo’s act of conscience. Evolution turned into revolution.

The locksmith’s regret

“After multiple blindfolded trips to and from the unknown location, the locksmith finally cracked the safe. He wasn’t allowed to see what was inside of it; the stranger blindfolded him as soon as the lock clicked open. But true to his word, the stranger made the locksmith exceedingly rich.

“A week later, the retired locksmith saw a news headline about the theft of top-secret military schematics. And soon after that, the stranger himself appeared on the world stage, declaring himself master of all nations, backed by an army equipped with a stolen superweapon.”

Software developers have highly specialized skills that are very much in demand. But implicit in this demand is the reality that we’re always going to play the role of the locksmith. And there will always be a villain trying to get us to open that safe.

We have a moral imperative to prevent our work from being used to harm others. Freedom for freedom’s sake is incompatible with our greater-than-average responsibility to society.

Software freedom must not come before human freedom.

Attributions

This article was heavily influenced by the legendary post-punk outfit Wedding Present and an extraordinary indica hybrid called Wedding Cake.


References

1 Christine Peterson has spoken publicly against the Ethical Source movement.

2 “The military-industrial complex cannot get enough of open source”, Tamlin Magee, Computer World. https://www.computerworld.com/article/3442240/the-military-industrial-complex-cannot-get-enough-of-open-source.html Retrieved April 12, 2020.

3 https://twitter.com/shanley/status/1173692656192385024

4 “I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business. My goal is to continue growing Chef as a company that transcends numerous U.S. presidential administrations.” From a letter from Chef CEO Barry Crist to all employees of the company.

5 https://blog.rubygems.org/images/rubygems-chef-statement.pdf. Retrieved April 13, 2020.

6 https://github.com/sethvargo/chef-sugar Retrieved April 13, 2020.

7 https://firstdonoharm.dev Retrieved April 13, 2020.

8 https://firstdonoharm.dev/version/2/1/license.html Retrieved April 13, 2020.

9 https://ethicalsource.dev Retrieved April 13, 2020.

10 “The Schism at the Heart of the Open-Source Movement”, Sidney Fussell, The Atlantic. https://www.theatlantic.com/technology/archive/2020/01/ice-contract-github-sparks-developer-protests/604339/ Retrieved April 13, 2020.

11 https://ethicalsource.dev/definition/ Retrieved April 13, 2020.

12 https://icebreaker.dev Retrieved April 13, 2020.