Blog post by Laura Moy. Please email any comments on this entry to <Laura Moy@softwarefreedom.org>.
This weekend marks the 300th anniversary of the Statute of Anne, widely considered to be the foundation of modern copyright law. The Statute, formally titled “An Act for the Encouragement of Learning," is often praised for placing intellectual property rights in the hands of individual authors and ushering in the era of public interest copyright law. In reality, however, the law's most lasting legacy has been the misguided proposition that “the Encouragement of Learned Men to Compose and Write useful Books" cannot be accomplished without copyright: a system which restricts the flow and use of information, chills collaboration, and presupposes that property rights are necessary to encourage innovation.
The passage of the Statute represents the culmination of a centuries-long partnership between the monarchy and publishers, the effects of which continue to be felt today. In 16th century England, religious and political unrest, coupled with the proliferation of printed media, threatened to compromise the crown's ability to control the masses. Queen Mary and King Philip engineered a clever media censorship scheme in response. In 1556 they struck a Machiavellian deal with the guild of London publishers: the publishers would cooperate with the crown to prevent the publication of undesirable works, and in exchange, the crown would grant them a monopoly over intellectual property rights and the power to destroy unlawful books and presses.
By the end of the 17th century, this partnership lapsed, threatening the publishers' monopoly. The publishers tried repeatedly to reinstitute the scheme, but amidst the growing importance of the electorate and an increasing hostility to private monopolies, all their efforts failed. The publishers had to change their strategy. If they were unable to reestablish copyright all for themselves, the next best thing for them would be to assign property rights directly to authors, who, unable to print and distribute their works on their own, would have no choice but to contract with the publishers. Publishers could then bargain with the authors to get exclusive publication rights, in essence perpetuating their monopoly over books.With this goal in mind, the publishers convinced Parliament that the creation of strong intellectual property rights was essential to encourage the advancement of learning.
So the Statute of Anne was born, and on April 10, 1710, became law. The Statute of Anne, which, like modern copyright, granted exclusive rights directly to authors for limited terms, was intended by Parliament to promote “the Encouragement of Learned Men to Compose and Write useful Books.” Intellectual property, which restricts individuals' use of each other's ideas, had formerly always been conceived as a tool of censorship. That it was now suddenly championed as a tool to encourage information sharing denotes nothing less than a radical shift and is testament to the success of the publishers in convincing Parliament that no one does anything for free.
This unfounded presumption that is now so deeply ingrained in modern conceptions of intellectual property, is the unfortunate legacy of the Statute of Anne. Hence the misguided challenge posed to the FLOSS movement with frustrating frequency: How can Free Software possibly provide adequate incentives to developers in the absence of strong proprietary intellectual property rights? Of course, our model does work. The fundamental flaw informing this question lies not in the shortcomings of the collaborative innovation model, but in the ancient assumption that only property rights can provide an effective incentive to write and publish. ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:41:"Laura Moy@softwarefreedom.org (Laura Moy)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Sat, 10 Apr 2010 11:57:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:79:"http://www.softwarefreedom.org/blog/2010/apr/10/300th-anniversary-statute-anne/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:1;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:49:"Gene Patenting and Free Software: A Breakthrough ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:94:"http://www.softwarefreedom.org/blog/2010/apr/06/gene-patenting-and-free-software-breaktrhough/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:5431:"Blog post by Eben Moglen. Please email any comments on this entry to <eben@softwarefreedom.org>.
[Crossposted from Opensource.com].
Last week, to the surprise of patent lawyers and the biotechnology industry, advocates for technological freedom won an enormous victory against socially harmful distortions of patent law. The Federal District Court for the Southern District of New York held invalid patents owned by Myriad Genetics on diagnostic testing for genetic susceptibility to the most common hereditary forms of breast and ovarian cancer. By "patenting" the right to determine whether the BRCA1 and BRCA2 genes are present in the relevant mutated form in a women's genome, Myriad Genetics has been able to exclude all other laboratories from conducting the test. Patients and their insurers have paid much more, and women and their families have waited crucial weeks longer than necessary for information relevant to treatment and potentially affecting survival.
The Public Patent Foundation and the American Civil Liberties Union challenged the patent on the ground that the Act does not permit the patenting of "facts of nature." In a lengthy and carefully argued opinion granting summary judgment, Judge Robert Sweet agreed. Judge Sweet rejected the basic premise on which gene testing patents such as the one granted to Myriad have been justified: that the amplification of naturally-occurring DNA sequences is a patentable transformation of the DNA molecule. Instead, Judge Sweet adopted the view put forward by Myriad's own expert witnesses, that DNA is a special molecule, "a physical carrier of information," and therefore held that the reading of such naturally-occurring information is not patentable subject matter. Whether posed as a new composition of matter, or as a method for "analyzing" or "comparing" DNA sequences, Judge Sweet held, Myriad's attempt to gain a monopoly on looking at a particular DNA sequence to find out what it says falls outside the permissible scope of patent law.
In reaching his legal conclusions, Judge Sweet relied significantly on the recent opinion of the Court of Appeals for the Federal Circuit, which has primary responsibility for interpreting the nation's patent law, In re Bilski, 535 F.3d 943 (2008), now pending in the Supreme Court. Bilski, as readers here will know, raises issues concerning the patentability of business methods and computer software, on essentially the same basic ground: that, as the Supreme Court has said, "phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work." Gottschalk v. Benson, 409 U.S. 63, 67 (1972). Judge Sweet's opinion may be said to raise the stakes on Bilski slightly, but the parts of the Federal Circuit opinion on which Judge Sweet relies are not about the "specialized machine or transformation of matter" test adopted by the Federal Circuit to distinguish patentable from unpatentable inventions involving computer software and methods of doing business. Judge Sweet followed the Federal Circuit closely in its expression of the settled law of patent scope, making it more unlikely that the Federal Circuit, which will hear the inevitable appeal from Judge Sweet's judgment, will be inclined to disturb the conclusion.
Instead, Judge Sweet's ruling shows the beginning of a broader front in the judicial determination to reign in patenting that has gone too far, turning information that should be free to all into property exclusively held by a few. Neither our patent law itself, nor the guarantees of freedom to learn and teach protected by the First Amendment, can tolerate the widespread creation of statutory monopolies on ideas. Judge Sweet's conclusion with respect to gene patenting confirms and supports the position taken by the amici curiae in Bilski, including the Software Freedom Law Center, that computer software standing by itself, another carrier of information about algorithms, or mental processes, is not within the scope of patent law. Judge Sweet's opinion illuminates another of the large classes of human knowledge presently being made the subject of statutory monopolies through the patent system, but which cannot legally be made monopolies at all.Americans have begun to understand a little bit about how, in the last two decades, corporations and their servants turned more and more of our society's opportunities into property for themselves. The sorrow and anger that is entering our politics, as honorable working people realize how badly they were had, will not soon abate. That the patent system too was gamed by the powerful at the expense of everybody else has not been fully grasped yet. But it will be. Time will show that Judge Sweet was more than courageous in his ruling, that he was also speaking with the voice of America behind him, as all great judges do.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:38:"eben@softwarefreedom.org (Eben Moglen)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Tue, 06 Apr 2010 14:50:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:94:"http://www.softwarefreedom.org/blog/2010/apr/06/gene-patenting-and-free-software-breaktrhough/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:2;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:25:"Free Software: Phase Two ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:72:"http://www.softwarefreedom.org/blog/2010/mar/29/free-software-phase-two/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:4146:"Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.
Free software is ubiquitous. It runs everywhere on (almost) everything. The question that dominated most of the discussions at the Libre Planet Conference in Boston about a week ago is what now? How can the community capitalize on its achievements to make the movement more inclusive and reconceive the relationship between free software and privacy?
Most attendees seem to agree that it's time to proselytize to the non-hacker masses and get them to care about the privacy, freedom, and control they sacrifice when buying proprietary technology. At John Gilmore's group discussion on the future of free software Saturday morning, people proposed making the user interface more friendly; addressing freedom in the browser space; developing a solid gaming platform for free software. "My experience is that if you give people who play games the option to improve them they will," one attendee said. "I know people who became programmers so they could improve the games they played."
The SFLC's founding director, Eben Moglen, said in his talk that the movement has reached "a point of inflection." The challenge it will face in "Free Software: Phase Two" is to explain the relationship between privacy, the integrity of human personality, and free software. The movement will have to figure out how to convince people they need a solution to a problem they don't know exists, he said. "It's not about we're done. The war is over. It's about, what's next."
I think ordinary people who don't write computer code or think about the consequences of proprietary technology are aware that there is a problem; that they are forfeiting too much control over the tasks and relationships that make-up daily life to unknown forces in the digital world. The cyber security threats, malicious hacker attacks in China, car malfunctions, and voting booth problems that dominate the news cycle can all be traced back to potential software glitches. People know about these problems. They just don't know how the problems are connected or how to fix them.
The challenge facing the free software community is to explain how the Toyota recall and Google's withdrawal from China can be traced to one cause: namely giving for-profit companies monopolistic access to the source code of the thousands of software programs that we are increasingly reliant upon. What's lost in the mainstream media coverage of these seemingly unrelated events is an explanation of a solution that already exists: open, auditable source code that anyone can view and detect flaws in.
The first step for the SFLC and attendees of Libre Planet is to connect the various news headlines to a central problem: restricted access to source code. Then explain that it doesn't have to be this way. The technology wasn't designed to infantilize users. It was designed to give users a set of tools to collaborate and communicate in a digital world.
I think the long-term challenge facing the free software community is even more fundamental than telling people they need a solution to a problem they did not know existed. You need to remind people that they don't know how the machines they interact with every day work. You need to open the doors of the community to the end-users for whom the difference between C++ and Java Script is as foreign as Dari and Pashto. The challenge is to encourage people who are used to having a passive relationship with the technology they use to search inside their computers; to show them that digital citizenship is about more than curating the photos you post on Facebook and limiting the information you transmit online. It's about self-sufficiency. It's about first understanding how computers work and customizing them, and then taking control of your own information and the activities you have entrusted to Wizard of Oz-type entities for no other reason than you didn't think you had a choice. ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:49:"Lohrstrom@softwarefreedom.org (Lysandra Ohrstrom)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Mon, 29 Mar 2010 10:52:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:72:"http://www.softwarefreedom.org/blog/2010/mar/29/free-software-phase-two/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:3;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:42:"New Export Rules Promote Internet Freedom ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:90:"http://www.softwarefreedom.org/blog/2010/mar/12/new-export-rules-promote-internet-freedom/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:4987:"Blog post by James Vasile. Please email any comments on this entry to <vasile@softwarefreedom.org>.
Earlier this week, the Office of Foreign Assets Control announced the relaxation of rules prohibiting export of software to Iran and Sudan. The new exemptions build on a recent easing of some rules governing exporting telecommunications technology to Cuba. These moves are surely an attempt to capitalize on the Iranian election demonstrations last summer that some called the "Twitter Revolution". They are also a sign that the Obama Administration is carrying out its plans to make internet freedom a pillar of US diplomacy.
I hope the revised OFAC rules are the beginning of a broad and nuanced re-examination of US technology export policy. They are certainly good news for Free Software developers who are currently prohibited from distributing their software in embargoed countries.
Generally speaking, US companies have been prohibited from trading with Iran and Sudan, despite some exemptions for humanitarian and medical reasons. To my knowledge, those exemptions have never been applied to Free Software. Against that backdrop of general prohibition, OFAC promulgated new exceptions allowing the exportation of "certain services and software incident to the exchange of personal communications over the Internet." As examples, OFAC lists "instant messaging, chat and e-mail, social networking, sharing of photos and movies, web browsing and blogging."
That list, however, is not exhaustive. The exemption is broad and applies to a wide range of technology. I asked an OFAC representative how broadly to interpret "incident to," and he confirmed that the exemption includes such software as web servers, content management systems or operating systems on which one could run an IM client. If those are incident to personal communication, presumably much other Free Software is too.
Though the decision to loosen export regulations is a step in the right direction, it falls far short of what the Free Software world really needs: permission to publicly distribute Free Software everywhere on the planet without jumping through invisible and innumerable hoops. First, the new rules are limited to Iran and Sudan. Other embargoed countries are still off limits. Second, while "incident to personal communication" applies to a lot of software, it does not describe everything, and its limits are unclear. Third, the exception is limited to software that is publicly available at no cost to the user.
This last point deserves some extra attention. If you charge for Free Software, the exemption does not apply. Also, other export controls are still in effect. This is true no matter how you structure it. A download fee to recoup the cost of distribution would be a problem. A paid service agreement to support the software would be a problem. Accepting donations from embargoed countries could be problematic. In other words, if your project gives away software but raises money by accepting money for ancillary goods or services, those ancillary charges can run afoul of the embargo rules.
Other caveats exist (especially regarding software that does encryption), and this post isn't meant to be legal advice on how to comply. My objective is to shed light on a decision that could signal the beginning of a gradual shift in US technology policy and a shift in the Free Software development landscape. If your project is trying to comply with export regulation, you should seek legal advice.
Export regulation is a patchwork quilt of mystifying rules. Most projects are wholly unaware that putting their code on the web might put them at risk of violating export laws they've never heard of. Those that try to comply face many difficulties. It's heartening to see inter-agency cooperation aimed at simplifying the legal environment for Free Software developers. By broadening exemptions to include certain communication technologies, the government acknowledges that internet access is a fundamental human right. These are welcome signs for the SFLC and the free software community overall. I hope the Commerce Department joins in and extends the personal communication technology exemption to include trade with Cuba and Syria as well.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:41:"vasile@softwarefreedom.org (James Vasile)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Fri, 12 Mar 2010 06:00:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:90:"http://www.softwarefreedom.org/blog/2010/mar/12/new-export-rules-promote-internet-freedom/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:4;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:63:"The Toyota Recall and the Case for Open, Auditable Source Code ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:98:"http://www.softwarefreedom.org/blog/2010/feb/19/toyota-recall-and-case-open-auditable-source-code/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:4388:"Blog post by Michael A. Spiegel. Please email any comments on this entry to <mspiegel@softwarefreedom.org>.
In a recent article, Slate's Farhad Manjoo attempts to play down fears of faulty software in car braking systems as a potential cause of traffic accidents. Citing numerous studies which conclude that “the overwhelming reason we get in crashes is driver error,” Manjoo reasons that “the less driving people do, the fewer people will die on the roads.”
While it may certainly be true that most crashes occur because of intoxication, distraction, or driver fatigue, and that computer controlled cars may decrease driver error, Manjoo doesn't seem to see the obvious implication of his own assumptions -- “opaque” and “inherently buggy” software which could endanger public safety should be subject to review.
If Toyota truly wanted to repair its public image and reputation for quality, it would make its source code available to anyone interested, not just a single government regulator. The public is far more likely to discover bugs and suggest improvements than a relatively small number of overworked and potentially inexperienced government employees. As a former patent examiner at the US Patent and Trademark Office, I have seen the problems that arise when the amount of information and technical expertise available to the government is far outstripped by that of the private firms seeking government approval. Currently, the USPTO is attempting to deal with this imbalance of information by publishing patent applications before they are granted and by considering various proposals to incorporate public feedback as a means to improve patent quality. The National Highway Traffic Safety Administration should consider similar measures to allow the public to assist in its work.
Toyota should take their cue from another industry recently wracked by a loss of confidence in the integrity of their product -- the voting machine industry. Looking back on the controversies that surrounded voting irregularities in the past few elections, it seems like the public cares a great deal about the integrity of the voting process. A seemingly endless amount of ink was spilled by the press and blogosphere expressing outrage over the various security flaws found in Diebold voting machines, especially after the CEO of Diebold Inc. wrote that he is “committed to helping Ohio deliver its electoral votes to the president next year.” The media attention surrounding this issue culminated in the HBO documentary “Hacking Democracy”, in which filmmakers Simon Ardizzone & Russell Michaels chronicled the efforts of activists who exposed and attempted to fight the proliferation of insecure voting machines.
Finally, in response to the controversy, Sequoia Voting Systems announced last October that their new voting machines would be based on publicly available source code and open architectures, noting that “[s]ecurity through obfuscation and secrecy is not security” and that “[f]ully disclosed source code is the path to true transparency and confidence in the voting process for all involved.”
I find it curious how proprietary software became a major concern to the media as well as various state legislatures when our democratic process was threatened, but when at least 37 lives have been lost due to malfunctioning Toyota vehicles, there is no similar outcry for greater transparency in the proprietary braking and accelerating software that is crucial to keeping people safe on the road.
Given the cost of its 8.5 million car recall and the potentially irrecoverable damage to its brand, Toyota should seriously reconsider the value of maintaining a business based on trade secrets and realize that ensuring public safety should not be purely a matter of private concern.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:49:"mspiegel@softwarefreedom.org (Michael A. Spiegel)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Fri, 19 Feb 2010 17:12:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:98:"http://www.softwarefreedom.org/blog/2010/feb/19/toyota-recall-and-case-open-auditable-source-code/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:5;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:46:"Letter to the Editor(s) of The New York Times ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:78:"http://www.softwarefreedom.org/blog/2010/jan/22/letter-editors-new-york-times/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:4598:"Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.
New York Times reporters John Markoff and Ashlee Vance correctly pointed out that nations, private corporations, and even bands of rogue programmers are capable of covertly tunneling into information systems, by exploiting bugs in a program's source code in their January 20th story, "Fearing Hackers Who Leave no Trace."
Unfortunately, this paragraph appears more than half way through the story. Rather than address the real reasons that proprietary systems are so vulnerable to security breaches or the comparative protections afforded by free software, Vance and Markoff stuck to the usual formula of the Times' technology stories: the "intellectual property" parable. The good guys ("innovative," commercial technology companies like Google and Cisco) struggle to protect the integrity of their source code--their "crown jewels"--from the nefarious designs of the bad guys (hackers).
"If hackers could steal those key instructions and copy them, they could easily dull the company's competitive edge in the marketplace," Vance and Markoff write. "More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with that software.”
The ability to make "subtle, undetected changes" to a system's source code is indeed the cause of frequent security breaches, but it is much harder for ill-intentioned hackers to "leave no trace" in free software. The solution is not to block access to source code, as the authors imply, but keep it open so that anyone can detect modifications, see who made them, and why. The reason closed, proprietary systems have proven to be less secure than free software alternatives over the years is more to do with the absence of a third-party audit function and accountability trail, than threats from "hackers."
Markoff and Vance conclude their story with a quote from a security expert who acknowledges that technology companies have implemented "more complex systems for viewing and changing source code" lately to combat this problem, but "one of the greatest vulnerabilities remains the people element." Free software has proven that the people element can also be a source of security.I can only assume the confusing tangle of inaccuracies, contradictory conclusions, and false assumptions Markoff and Vance reported were fed to them by a PR agent or cobbled together after a day-long conference hosted by the Homeland Security Council. Vance quotes a member of the Council's advisory board, Jeff Moss, in the article he co-wrote with Markoff and in a separate story published under his own byline on January 21, "If your Password is 123456, Just Make It HackMe." Vance describes him as a security expert in the first story and the founder of a popular hackers conference in the second.
As a non-profit law firm for Free and Open Source Software programmers, the SFLC admittedly has a stake in promoting the projects developed by its clients. So rather than take my word for it, listen to the comments of readers like Wai Yip Tung from San Francisco. "This article have a very confused idea around source code and security," Tung writes in a comment. "Have you ever heard of Open Source software? (e.g. Firefox) Everyone has access to its source code but it does not make it any less secure. In fact security expert have an opposite opinion. It is critical that source code is available for audit by a wide range of people before we can have confidence of its security. This is a worthless article in my opinion. It stroke fear in the wrong places and shed little light on where the vulnerability really is.
I have to disagree that their effort was entirely worthless. Markoff and Vance inadvertently ended up writing an unqualified endorsement of free software in The New York Times.
Clarification: The "hackers" who break into computers with the intent to cause harm are distinct from from the community of programmers who create clever solutions to bugs in source code. A more accurate label for the activity in this story is malicious hacking or cracking.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:49:"Lohrstrom@softwarefreedom.org (Lysandra Ohrstrom)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Fri, 22 Jan 2010 16:06:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:78:"http://www.softwarefreedom.org/blog/2010/jan/22/letter-editors-new-york-times/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:6;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:69:"CES 2010: The Best of Times and the Worst of Times for Free Software ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:98:"http://www.softwarefreedom.org/blog/2010/jan/15/ces-2010-best-times-and-worst-times-free-software/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:3977:"Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.
The 2010 Consumer Electronics Show (CES) was the best of times and the worst of times for the free software movement.
It proved that the first stage of the revolution that the SFLC, and many others, have long predicted, is complete: free software has been embraced by commercial developers and is now powering a much wider range of embedded devices than any single proprietary program. Behind any one of the smartphones, eBook Readers, netbooks and LCD-televisions that debuted last week at CES is almost certainly a Free and Open Source Software (FOSS) application or platform.
But it also highlighted the extent to which proprietary software developers have taken advantage of the ability to adapt, improve, and customize free software in embedded devices that deny customers these very same freedoms. This is the paradox of free software's growing popularity: anyone can view, modify, and distribute source code, whatever their intentions.
Now that free software is inside almost everything, it is time for users to learn about their rights under free software licenses to protect their freedom to share, tinker, and adapt the devices they buy.
These values, ingrained into our consciousness in kindergarten, are the ones that drive free software innovation and that many of the commercial developers at CES have benefited from, yet hope their customers will forget.
Most of the eBook Readers at CES use free software in locked-down devices that restrict customers' access to certain publications, prevent them from sharing, and violate their privacy. Telecommunications companies have harnessed Android in the battle for a larger share of the smartphone market and collaborated on applications with FOSS programmers while preventing customers the right to chose between carriers. These companies have a vested interest in limiting the functionality of the devices they sell so consumers buy the next model in a couple of years, rather than improve the one they already own.
Individuals can reclaim the rights they take for granted in other commodities by educating themselves and choosing to buy the most free devices whenever possible.
While none of the smartphones or e-readers on the market is perfect, there are options that allow users to retain more choice and control of how a device functions and what content they can access. Choosing a Nokia N900 or a free Android phone over a carrier-subsidized, locked-down model gives customers the option of running any application and making modifications so it is more useful. Readers can chose an open-format e-reader over an alternative that only allows them to download books in proprietary format.
Owners of open-format e-readers can download public-domain content, such as "A Tale of Two Cities," for free from a variety of sources and be able to read and re-read it whenever they want, on multiple devices, forever. Amazon, on the other hand, charges Kindle-owners a license fee for the privilege of reading the free Dickens' classic on their e-readers. Amazon also reserves the right to revoke this license at any time and yank the free book from Kindle-customers who already paid to download it.
At CES 2011, the SFLC predicts that commercial software developers will continue to distract users from these basic rights with sleeker, smaller, and smarter devices that run on free software. The SFLC will continue to fight against people who violate the terms of the GPL by using FOSS in locked-down devices that restrict, rather than empower users. But the second stage of the revolution will be won by individuals who educate themselves about their rights in order to realize the full benefit of free software.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:49:"Lohrstrom@softwarefreedom.org (Lysandra Ohrstrom)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Fri, 15 Jan 2010 10:08:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:98:"http://www.softwarefreedom.org/blog/2010/jan/15/ces-2010-best-times-and-worst-times-free-software/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:7;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:39:"The European Commission and Oracle-Sun ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:83:"http://www.softwarefreedom.org/blog/2009/dec/14/european-commission-and-oracle-sun/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:857:"Blog post by Eben Moglen. Please email any comments on this entry to <eben@softwarefreedom.org>.
I spent last Thursday and Friday in Brussels, attending the European Commission’s Oral Hearing in the competition investigation of the acquisition of Sun Microsystems by Oracle. The proceedings at the Oral Hearing were confidential; I cannot write about the presentations made there by others. I can, however, summarize the three points I made during my brief presentation on Friday; my previous written submission to the commission is already available. I want to explain what I said and where I think we stand now that the Oral Hearing is over.
Full post here ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:38:"eben@softwarefreedom.org (Eben Moglen)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Mon, 14 Dec 2009 11:18:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:83:"http://www.softwarefreedom.org/blog/2009/dec/14/european-commission-and-oracle-sun/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:8;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:53:"Black Duck Report is Meaningless Without Source Code ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:93:"http://www.softwarefreedom.org/blog/2009/jul/06/black-duck-report-meaningless-without-source/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:5544:"Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.
Black Duck Software recently published some summary statistics about free and open source software license adoption, based on data it collected by crawling the web. The report lists “top 20 licenses that are used in open source projects” and the proportion of projects which use each license, as well as historical figures purportedly representing the number of projects using and planning to use GPLv3 variants for each month of the last two years.
In its press release, Black Duck focuses on a supposed 5% decline in the use of GPL-variant licenses in the year since its 2008 report. Taking Black Duck's cue, commentators have drawn all sorts of conclusions from this figure, including that licensing is becoming increasingly irrelevant as web services replace traditional software, or that more software is being produced by universities. Black Duck's own (carefully implicit) conclusion is that the community is simply warming up to proprietary software companies: “Many developers are selecting licenses that are less restrictive, a move that underscores the broader adoption and value of open source in today's multi-source development environments.”
Any of these conclusions might be reasonable if the 5% figure was meaningful, but Black Duck has given us no reason to believe it is; if anything, their own statements suggest it isn't. Programatically capturing data on the prevalence of various FOSS licenses is inherently difficult. At its edges, it's an artificial intelligence problem (specifically a natural language understanding problem), because the many home-grown and modified licenses in the world don't necessarily adhere to standard language. But even the core task of cataloging the use of the most common licenses is fraught: by the wide dispersal of projects across centralized hosting services and single-project sites (and the movement of individual projects between them), by inconsistencies in how developers apply licenses to code (e.g. idiosyncratic headers and directory structures), and by countless other variables.
Black Duck's techniques and algorithms for dealing with these difficulties did not emerge fully formed. The company's engineers no doubt continually refine the license-identification code. If these refinements affected the data on all licenses equally, their effect on the figures from year to year would probably be insignificant. But in reality, GPL variants are much easier to identify than the whole set of permissive licenses whose use has supposedly increased over the last year. Each GPL variant's text is fixed. On the other hand, there exists a whole category of licenses which are popularly referred to as "BSD-style" licenses because, while the individual licenses resemble the original BSD license in scope and style, they have been adapted and rewritten liberally by various developers, universities, and companies. These variations make permissive licenses particularly difficult to identify, and for this reason improvements in Black Duck's algorithms are likely to disproportionately capture more previously unidentified uses of permissive rather than GPL-variant licenses.
Black Duck's dataset has also changed: the company has begun crawling 300 new sites (7.5% of its current total) just since last year's report. We the nonpaying public have no way of knowing the extent of the effect, because Black Duck's system is a black box: the company doesn't disclose how the inclusion of new sources of data affects its numbers.
For these reasons, it is impossible to know whether the 5% GPL delta is meaningful until we know how the source data and the algorithms have changed from one year to the next. The process of cataloging and quantifying the use of FOSS licenses is a scientific one, requiring the application of principles of computer science and statistical analysis. As with any scientific pursuit, the methods used must be verifiable before the results can be considered trustworthy. I encourage Black Duck Software to release its own software under a free software license—whether by joining the alleged groundswell and using a permissive license, or by resort to a retrograde copyleft license—so that its methods can be evaluated by the community (not to mention its customers) and its reports can be rendered meaningful.
Correction: this post previously said that Black Duck only began crawling Microsoft's CodePlex site in May 2009. The press release cited in fact says that Microsoft began pushing data from CodePlex to Black Duck in May. Peter Vescuso of Black Duck says that the company has been crawling CodePlex "for years."
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:45:"aaronw@softwarefreedom.org (Aaron Williamson)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Mon, 06 Jul 2009 16:34:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:93:"http://www.softwarefreedom.org/blog/2009/jul/06/black-duck-report-meaningless-without-source/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}i:9;a:6:{s:4:"data";s:0:"";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";s:5:"child";a:1:{s:0:"";a:6:{s:5:"title";a:1:{i:0;a:5:{s:4:"data";s:55:"Law.com article spins old confusions into new "danger" ";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"link";a:1:{i:0;a:5:{s:4:"data";s:69:"http://www.softwarefreedom.org/blog/2008/jun/05/enforcement-lawsuits/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:11:"description";a:1:{i:0;a:5:{s:4:"data";s:4749:"Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.
Law.com recently ran a sensationalist piece by Edmund J. Walsh warning of the impending “dangerous real world business dispute” in store for any for-profit company that uses free software. Walsh points to lawsuits filed by SFLC on behalf BusyBox as a source of this danger, and having worked on those lawsuits, I hope I can provide a helpful counterpoint.
The article claims that until the first BusyBox lawsuit, the free and open source software (FOSS) movement has presented nothing more than “a philosophical debate about the proper place for software in society.” But copyright licenses have been used to give freedom to users for almost as long as the concept of “free software” has existed.
There are a few reasons why these long-standing legal claims have not developed into lawsuits until recently. One is that FOSS developers have preferred inclusiveness, welcoming new members into the community and offering gentle guidance to those who got it wrong. This has been the approach of the FSF, which has been enforcing its copyrights privately for many years. Another reason is that very few FOSS projects have the resources to enforce the terms of their licenses, and as a result even the most blatant violations have historically carried minimal consequences. Some companies have—whether through ignorance, laziness, or malice—taken full advantage of this disparity of resources. Without the benefit of legal assistance, projects' enforcement attempts have typically been met with excuse and delay, and almost never with full compliance.
The issue is hardly that FOSS licenses present hidden risks. By and large, they are clearer and less onerous than proprietary software licenses. Nor is it the case that “the freedom belongs to the software, not to users.” All users, including for-profit companies, are afforded the same substantial freedoms by FOSS licenses. But as has always been the case, the GPL does not give any user the right to deny those freedoms to others. This could only be a “new lesson” to someone who has never read the license.
Walsh's perception of an “irreconcilable conflict between open source software and its widespread use by for-profit companies” is unsupportable, as is his assertion that “any activity that leverages software for business advantage is likely to restrict the software's freedom.” These statements stem from a misunderstanding of the facts involved in the BusyBox lawsuits. Walsh takes the confidential nature of the settlement terms as license to assume that the defendants were forced to release proprietary code which they distributed with GPL'd software. Nevermind that software derived (within the meaning of copyright law) from GPL'd code can never be “proprietary,” you don't need access to the settlement terms to see that no such thing happened in any of these cases. This is because a not-so-secret condition of settlement is compliance with the license, and a survey of the sources released in these cases reveals that no one was compelled to spill even a drop of secret sauce.
Manufacturers of embedded devices built on Linux, BusyBox, and other common embedded FOSS derive enormous benefit from these tools that in no way abrogates their “business advantage.” Most make their money by selling hardware, and many don't write any software to speak of. Even so, it is trivially easy to build devices that run proprietary applications in conjunction with embedded FOSS without any need to release the code to the former.
So why do they keep the code to themselves? We can speculate on the reasons—ignorance of their legal obligations, indifference owing to a history of non-enforcement, etc.—but it seems that in the overwhelming majority of cases, the decision has nothing to do with protecting a proprietary business model. Whether they license proprietary software or FOSS, for-profit companies should of course pay attention to their legal obligations. But so long as they do so, they need not fear any “irreconcilable conflict” between making money and using FOSS.
";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:6:"author";a:1:{i:0;a:5:{s:4:"data";s:45:"aaronw@softwarefreedom.org (Aaron Williamson)";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:7:"pubDate";a:1:{i:0;a:5:{s:4:"data";s:31:"Thu, 05 Jun 2008 17:15:00 -0400";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}s:4:"guid";a:1:{i:0;a:5:{s:4:"data";s:69:"http://www.softwarefreedom.org/blog/2008/jun/05/enforcement-lawsuits/";s:7:"attribs";a:0:{}s:8:"xml_base";s:0:"";s:17:"xml_base_explicit";b:0;s:8:"xml_lang";s:0:"";}}}}}}}}}}}}}}}}s:4:"type";i:128;s:7:"headers";a:14:{s:4:"date";s:29:"Fri, 09 Jul 2010 06:00:03 GMT";s:6:"server";s:96:"Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.5.1 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.8 OpenSSL/0.9.8g";s:7:"expires";s:29:"Fri, 09 Jul 2010 06:10:03 GMT";s:4:"vary";s:6:"Cookie";s:13:"last-modified";s:29:"Fri, 09 Jul 2010 06:00:03 GMT";s:4:"etag";s:32:"5e3d659036adc4eaaa2756009ee78670";s:13:"cache-control";s:11:"max-age=600";s:12:"content-type";s:19:"application/rss+xml";s:3:"age";s:3:"449";s:14:"content-length";s:5:"49467";s:7:"x-cache";s:22:"HIT from john-marshall";s:14:"x-cache-lookup";s:27:"HIT from john-marshall:3128";s:3:"via";s:43:"1.0 john-marshall:3128 (squid/2.6.STABLE18)";s:10:"connection";s:5:"close";}s:5:"build";s:14:"20090627192103";}