Open-source software: freedom from ethics?
Some developers do not want their work to be used for harm, while others think restricting open-source software is contradictory, or at least impractical.
A new open-source licence asks users to respect human rights, but not everyone agrees.
When the US Air Force revealed in December 2019 that it was using the open-source software Kubernetes for its fleet of F-16 warplanes, some programmers took to Twitter to voice their discontent. “Sometimes it’s really hard to justify working as a software engineer to my conscience,” read one Tweet. “Should be clauses in open-source licenses that would disallow military use and government abuse,” said another.
Coraline Ada Ehmke, a software developer from Chicago, has been trying to do just that. In 2019, she created the Hippocratic Licence – named in reference to the Hippocratic oath – a licence that puts ethical restrictions on the use of open-source code.
Open-source software is distributed with a licence that generally allows anyone to use, study, change, or share its source code, without restrictions on how the software is used or by whom. The Open Source Initiative, which governs the most widely used open-source licences, even goes so far as to say that this means “giving evil people freedom, too.” Supporters of the Hippocratic Licence and other ethical licences like it believe it is time for programmers to take a less passive approach.
“It’s time for open-source to grow up and start taking responsibility for how it’s being used. We can’t stick to these [...] libertarian ideals of ultimate freedom, when we exist in a society where the work that we do impacts others, sometimes in devastating ways,” said Ehmke. “I love the way open-source has transformed the world, and I think it has potential to continue. But we have to get our house in order.”
Today most software, commercial or not, relies on open-source code to at least some degree. A 2020 report by Synopsys that reviewed more than 1,000 applications found that 99 per cent contained open-source components. Increasingly, open-source is also used for military applications, the F-16 fleet being only one example among many.
In October 2020, the US Air Force said it used artificial intelligence to control some navigation systems and sensors on one of its U-2 spy planes, marking a watershed moment – most likely the first time AI was used in a US military aircraft. This algorithm, too, relied heavily on open source.
Software and technological advancement were long seen as a booster of democratic progress, and tech workers considered their work to be apolitical. Yet as society becomes aware of the many adverse effects – mis- and disinformation, online harassment, biased algorithms, surveillance – more programmers are starting to think about how their software is used.
Workers at Google, Microsoft and the like can put pressure on their employers to stop using their products in ways they see as unethical, but it is harder for open-source contributors (who often volunteer their work) to reclaim control once their code has been published.
In 2018, some Microsoft employees were outraged when they learned of the software giant’s $480m contract to supply augmented-reality headsets, intended for the battlefield, to the US Army. “We did not sign up to develop weapons,” they wrote in a protest letter. That same year, the news that Google had partnered with the US military to help develop artificial intelligence for drones led some employees to resign amid widespread protest.
Ehmke said she first created the Hippocratic Licence in October 2019 in response to the campaign #NoTechForICE by immigration rights advocacy group Mijente, which tried to stop tech companies from working with the US Immigration and Customs Enforcement agency (ICE). During the Trump administration, ICE sparked outrage with its inhumane treatment of unaccompanied minors who were sometimes kept in cages, its practice of separating families at the border, as well as violent deportations.
Software engineer Seth Vargo realised that Chef, a company that was using his open-source code, had a contract with ICE, and he decided to remove his code from online repositories. “It was an act of conscience. But the open-source establishment denied him the right to control his work,” said Ehmke. “Chef said that because they employed him, they own the intellectual property, and all the code was restored in less than a day,” she continued. “I was really outraged by the failure of our system to allow a developer like Seth Vargo to take out a stand of conscience against the way his software was being used.”
Ehmke wanted to find a way for open-source programmers to deny the use of their work if it was used in human rights abuses and came up with the idea of the Hippocratic Licence.
After launching the licence, Ehmke founded the Ethical Source movement that combines several ethical open-source licences under one umbrella. She said licensing isn’t the only way in which she and her collaborators are trying to bring change.
“Licensing is just one prong in our strategy, but we have lots of other things that we care about. We want the entire process to fall into an ethical framework where people are taking responsibility for their impact on society. That goes far beyond the licence that the software is distributed with,” she said. “There’s this whole notion that technology is neutral. And this is a very, very dangerous idea. Technology doesn’t exist in a vacuum. Technology exists within human society. And it’s a real shirking of responsibility to say, well, all I did was manufacture it, all I did was create it.”
So far, Ehmke’s licence has been adopted by several dozen open-source contributors. Many of them share similar motivations for making the change from more conventional open-source licences.
“I don’t want to create software for people or corporations who actively destroy our planet and society,” said Fynn Becker, a 24-year-old front-end developer from Germany who has been active in the open-source community for five years. He adopted the Hippocratic Licence for his projects in light of a growing political far right and ongoing racism, as well as climate change, he said.
“Permissive licences like MIT or Apache originate from a different time. They were great in the early days of open-source, so new projects wouldn’t have to deal with legal matters,” he said, adding that today he considers them an “easy way out” for programmers who don’t think or don’t want to think about the ethical implications of their work.
While many companies still enforce licence policies that only allow conventional licences, issues such as biased AI algorithms, questionable labour practices and disinformation on social media have brought ethical aspects of software development into focus, he said. “I don’t see a massive adoption of ethical licences any time soon, [but] I’m glad that people and companies start to think about their behaviour,” he added.
Tarjei Husøy from San Francisco, who is leading a team of software engineers at Medal, a gaming video-clip start-up, shared that sentiment. “Obviously licensing is unlikely to be a silver bullet to solve human rights abuses we see today, but it hopefully is a small change we can make that increases the cost of building tools to assist in such causes,” he said. He compared the effort to software security, saying it was near impossible to build software that is 100 per cent secure, but if programmers make enough of an effort, they could make it uneconomical for hackers to try to attack.
“I hope that having the alternative of picking ethical licences will make people think about how their code might be used. Licensing might not be the solution, but at least for now it helps bring some attention to the problem so that hopefully we can come up with some lasting solutions,” he said. He decided to move his projects to the Hippocratic Licence after hearing that ICE relied on a lot of open-source software for its operations, he added.
The Open Source Initiative indicated in a Tweet that it doesn’t consider the Hippocratic Licence ‘open source’. According to its definition, open-source software “must not discriminate against any person or group of persons” and “must not restrict anyone from making use of the program in a specific field of endeavour.”
OSI co-founder Bruce Perens outlined his criticisms of the licence in a blog post titled ‘Sorry, Ms. Ehmke, The ‘Hippocratic Licence’ Can’t Work’. In it, he called the effort “simplistic and self-contradictory,” and wrote, “the point here is that the definition of what is ethical changes over time, from place to place, and from one individual to the next.”
Another common criticism is that enforcing the rules imposed by the licence might be tricky. Some supporters of the Hippocratic Licence share that concern.
“The issues and controversy around ethical licences come from the enforceability of them. This is one particular weakness of the Hippocratic Licence,” said Filipe Laíns, a developer from Portugal who moved his projects to the licence recently. “I had to remove it from one of my projects because people were scared about the way it is enforced, and [they were] scared to have legal trouble even if they don’t do anything wrong,” he said. He is nevertheless a strong supporter of the licence and hopes that future changes will address the issue.
Luis Villa, a lawyer specialising in open-source licensing, wrote in a blog post last February that even though he supported Ehmke’s work, he advised the company he co-founded not to adopt the licence yet, citing a handful of concerns.
“The clause of the license that references the UN Universal Declaration on Human Rights allows the licensor to terminate a license based on any allegation (even self-made) of a violation. This makes the licensor judge, jury, and executioner because there is no requirement that the allegation be supported or proven,” he wrote.
Still, the way Ehmke was iterating through versions of the licence made him optimistic that the project could move to a licence that “meets the moral goals” of projects that adopt it, as well as the “pragmatic needs of the many businesses (like ours) that rely on them,” he added. Villa has since contributed to the project. He said he hasn’t had time to review the latest version of the Hippocratic Licence yet, which might address some concerns.
Ehmke and her collaborators have tried to address some of these concerns in the latest version of the Hippocratic Licence, which was released at the beginning of 2020. The first version of the licence was “very primitive,” Ehmke said. One key aspect the group had to get right in the new version was the enforcement mechanism.
She sought help from an organisation called Corporate Accountability Lab, which got her in touch with a legal team. “We were working really hard to conceive of an enforcement mechanism that was fair, and not an undue burden on either party,” she said, adding that human rights legislation across the world is very spotty, which meant they couldn’t trust that courts in a given jurisdiction would rule in a fair way. She said the enforcement mechanism now included in the licence is based on The Hague Rules for Business and Human Rights Arbitration, which were launched at the end of 2019.
Bastiaan Terhorst, chief technology officer at WeTransfer, a Dutch file transfer service that has adopted the Hippocratic Licence, told us most of his employees support the move. “The concerns we see, inside and outside our organisation, are primarily to do with the fact that the Open Source Initiative has not officially approved this licence as an Open Source licence,” he said in an email.
Terhorst says the Open Source Initiative should understand that software isn’t neutral and it should therefore be acceptable to limit the use of software when it is used to harm others. “In our minds, theoretical absolute freedom (which the OSI defends) should not trump the practical real-world harm that is being done in the world with software, at this moment.”
Part of the reason why the Open Source Initiative and proponents of the status quo insist so sternly on their idea of software freedom may lie in the movement’s history.
“There’s a way in which the world of free and open-source software has allowed for very different types of licences, but nevertheless, there’s always been this sort of hesitancy to restrict based on uses or groups,” says Gabriella Coleman, who holds the Wolfe Chair in Scientific and Technological Literacy at McGill University, Montreal, Canada, and has written about the open-source and free-software movements in her book ‘Coding Freedom: The Ethics and Aesthetics of Hacking’. The big change the Hippocratic Licence and other licences like it bring is that, while there are no limitations on persons or groups, they aim to limit a certain type of use, she adds.
When the Free Software Movement and the Open Source Initiative first launched more than two decades ago, programmers were motivated by other concerns. At the time, the main concern was being able to freely build software, access software, and share with others, she says. “I think back then, the concern was what I call ‘productive autonomy’. People involved in the movement wanted to ensure developers and those who potentially can contribute to development or those who could also just use software, were not prevented from doing so. It was a reaction to a very, very aggressive intellectual property system.
“People now think about ‘Oh, wait, who and what do I want my software used for? And by who?’ And there is much more awareness and a reckoning by designers and developers themselves,” she says, adding that given this new reality, it makes sense to see innovation on licences. “In some ways, interventions by the hacker community, whether it was the GPL by Richard Stallman, or what we’re seeing today, are always in response to social conditions and trends. The social conditions and trends and conversations that were happening in the ’80s are different from what is happening today, so it doesn’t totally surprise me that there’s new licences.”
This doesn’t mean that OSI members are all opposed to ethical licences. In 2020, the initiative formally conducted a survey of current, past and prospective members for the first time in its history. The resulting report documented that “a number of prospective and current members called out their disappointment in the OSI’s responses to the ethical licensing movement,” noting this sentiment was especially common among new prospective members.
One prospective member was quoted as saying that “the OSI could be positioned to lead the current discussion around problems of open source licensing, such as unethical use (i.e. human rights violations).” The report states that members sent “a clear message that, while acknowledging and valuing that the OSI is trusted to speak on the community’s behalf, it must also listen to earn and maintain that trust.”
In March 2020, Ehmke herself ran for a board seat in the OSI’s 2020 election. While she didn’t win a seat, she came in fifth, out of 15 candidates.