GioCities

blogs by Gio

Ethical Source is a Crock of Hot Garbage

  • Posted in 🖱 cyber

There’s this popular description of someone “having brain worms”. It invokes the idea of having your mind so thoroughly infested with an idea to the point of disease. As with the host of an infestation, such a mind is poor-to-worthless at any activity other than sustaining and spreading the parasite.

A “persistent delusion or obsession”. You know, like when you think in terms of legality so much you can’t even make ethical evaluations anymore, or when you like cops so much you stop being able to think about statistics, or the silicon valley startup people who try to solve social problems with bad technology, or the bitcoin people who responded to the crisis in Afghanistan by saying they should just adopt bitcoin. “Bad, dumb things”. You get the idea.

And, well.

Okay, so let’s back way up here, because this is just the tip of the iceberg of a story that needs years of context. I’ll start with the most recent event here, the Mastodon tweet.

The Mastodon Context🔗

The “he” Mastodon is referring to is ex-president-turned-insurrectionist Donald Trump, who, because his fellow-insurrectionist friends and fans are subject to basic moderation policies on most of the internet, decided to start his own social network, “Truth Social”. In contrast to platforms moderated by the “tyranny of big tech”, Truth Social would have principles of Free Speech, like “don’t read the site”, “don’t link to the site”, “don’t criticise the site”, “don’t use all-caps”, and “don’t disparage the site or us”. There are a lot of problems here already, but because everything Trump does is terrible and nobody who likes him can create anything worthwhile, instead of actually making a social networking platform, they just stole Mastodon wholesale.

Mastodon is an open-source alternative social networking platform. It’s licensed under an open license (the AGPLv3), so you are allowed to clone it and even rebrand it for your own purposes as was done here. What you absolutely are not allowed to do is claim the codebase is your own proprietary work, deliberately obscure the changes you made to the codebase, or make any part of the AGPL-licensed codebase (including your modifications) unavailable to the public. All of which Truth Social does.

So that’s the scandal. And so here’s Mastodon poking some fun at that.

One of the big issues Mastodon has is the perception of a high barrier to entry. It’s not as popular as Twitter or Facebook, and its federated structure can make it slightly harder to adapt to, making adaptability a major issue. See, Trump and his clownish felon traitor buddies are very stupid and bad at things, and so if they can use (steal) Mastodon, that means it’s actually pretty adoptable. That’s the joke.

Enter Coraline🔗

Coraline Ada is a trans leftist woman, which means virtually all of the “criticism” of her is hateful nonsense spewed by hateful people. In this case this is especially unfortunate because a quick look shows that she’s deserving of some actual criticism for the ideas she platforms, and not just anger about her personal life. I’ve noticed this is a recurring problem: when there’s an approximately equal amount of vitriol against all people in some group, regardless of who they actually are and what problems they might actually be causing, it becomes much harder to casually identify people with whom there is some actual issue. (See also the “is this callout real or just twitter” effect.) I’m going to try to ignore as much of the culture war nonsense as I can here and focus on the actual topic in scope. Admittedly from what I’ve seen personally there may be some other personal issues at play, but I refuse to talk about them here. The problem isn’t that her ideas represent some SJW encroachment on a prelapsarian smartworld society where only brain genius wonder boys succeed because they deserve to. The problem is with their content, which… well, which I’ll get into.

Coraline is best known for her 2014 authorship of the Contributor Covenant, a general-purpose code of conduct for large-scale open source projects designed to combat the very real problems of harassment and toxicity in those communities. It’s only about two pages, and it’s generally good, crucially because it limits its scope to the project. Credit where credit is due.

There does seem to have been some issue about the issue of scope: although the document says violations are scoped to when people are representing the project, Coraline herself asserted a violation of the CC as a direct result of a personal Twitter conversation unrelated to the project in the case of Opal.

The only other potential issue with the Contributor Covenant is that it’s specifically written to demand specific moderation action. As Coraline wrote in an explanation when this was challenged,

Updated by CoralineAda: I understand not wanting bureaucracy, but something can and has to be done if a member of the community engages in a campaign of, for example, sexual harassment. There are ways of limiting such an individual’s access to the community and to the codebase. There is public censure. If there are no consequences for wrongful activity, then what’s even the point of having a code of conduct? It has no teeth.

There’s this criticality placed on “teeth” here that’s important to note. To Coraline and the rest of the OES, it’s important that “wrongdoers” are punished, and that there exists a definite process for ensuring those people are punished. Keep this attitude in mind, it’ll come up again.

Matz, the chief designer of Ruby and the assignee in that topic, adopted a code of conduct as a direct result of Coraline’s suggestion. In my book, this represented a major victory for the Code of Conduct movement, with a major project adopting a CoC for the first time at the direct request of a member of the community. But it apparently wasn’t aggressive enough for her, and she made her opinions known on the matter.

Anyway, after/in addition to CC, she went on to start the “Ethical Source” movement. Coraline founded the Organization for Ethical Source (OES) with herself, Don Goodman-Wilson, and Tobie Langel as the members. I’m going to talk about the OES and the ideas it represents as much as possible here, as opposed to focusing on individuals, but my ability to do that is limited as this is still a story driven by people and personalities.

To be as generous as possible here, I think the basic problem OES tries to solve is a real one. And preventing abuse is a thoroughly admirable goal, so long as it can be done well. I’ll actually quote directly from ethicalsource.dev’s blurb:

Today, the same open source software that enriches the commons and powers innovation also plays a critical role in mass surveillance, anti-immigrant violence, protester suppression, racist policing, the deployment of cruel and inhumane weapons, and other human rights abuses all over the world.

We want to do something about this misuse of our software. But as developers we don’t seem to have any recourse, no way to prevent our work from being used to harm others.

There is a real problem of technology being used towards atrocities. GitHub and other major tech companies’ contracts with openly abusively violent and literally genocidal US agency ICE (2, 3, 4, 5), public enemy of Amnesty International Palantir, which uses open source tech to conduct raids and unconstitutional surveillance (2, 3), just to name a couple. Hell, even McDonalds cashes in. The sad reality is open source software is regularly used towards ends most or all of its developers find abhorrent.

But, because those developers chose to develop open source software under a permissive license, those developers don’t have any legal leverage over those uses they hate. This is an intended side-effect of the neutrality that is a core principle of the open source movement.

The Whole Point of Open Source🔗

The open source and free software movements are first and foremost philosophical movements dedicated to the free exchange and development of ideas and technology, and preventing any entity from exerting control over other people through the use of technology or technology licenses.

A license is simply a document explaining the terms and conditions under which the owner allows you to use a product. Usually these place restrictions on the user (for instance, if I sold you a product, I would not want you to copy it and resell it yourself), but open source and free software licenses are designed to prevent you from preventing others from using the software. “You can use this, but with the restriction that you cannot restrict it.”

The FSF has a detailed statement defining their philosophy of free software here. The Open Source Initiative (a legitimate open source advocacy group) also maintains a good working definition of what makes something “open source”, with relevant parts summarized here:

  • Free Redistribution

    • The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

  • Derived Works

    • The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

  • No Discrimination Against Persons or Groups

    • The license must not discriminate against any person or group of persons.
    • Rationale: In order to get the maximum benefit from the process, the maximum diversity of persons and groups should be equally eligible to contribute to open sources. Therefore we forbid any open-source license from locking anybody out of the process.

  • No Discrimination Against Fields of Endeavor

    • The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
    • Rationale: The major intention of this clause is to prohibit license traps that prevent open source from being used commercially. We want commercial users to join our community, not feel excluded from it.

“But wait”, you say, “I can’t discriminate against any group of persons? What about the people I consider evil?” The OSI directly addresses this in their FAQ:

Can I restrict how people use an Open Source licensed program? No. The freedom to use the program for any purpose is part of the Open Source Definition. Open source licenses do not discriminate against fields of endeavor.

Can I stop “evil people” from using my program? No. The Open Source Definition specifies that Open Source licenses may not discriminate against persons or groups. Giving everyone freedom means giving evil people freedom, too.

This is a political stance that you’re required to take if your goal is to preserve freedom. The level of principle these ideas sit in is necessarily above any granular means of ethical evaluation (beyond wanting to ensure people are able to do good), because when you give someone the power to deny your rightful freedom, that power will inevitably be misused. The pursuit of preventing the misuse of power is incompatible with handing out vague, open-ended policing powers like “nobody is allowed to do wrong, or you’re allowed to use whatever force necessarily to stop them, and also you get to decide what ‘wrong’ means.” That’s just discretionary policing power, which is a bad thing, citation not needed.

I’m not going to stop here and comprehensively deconstruct the problem of evil. That would be out of scope. I will instead assert that infrastructure and systems are abusable in proportion to how much they give some people privilege and authority over others. Thus designing systems that prevent restriction discourages abuse, and designing systems that allocates and prioritizes policing power encourages abuse. And abuse is bad. Systematic oppression by the powerful is the problem, and any system designed to prevent that but actively makes it worse cannot be considered decent.

There is, of course, a place for ethics in open source development. Software development cannot be culturally or ethically neutral, as it necessarily engages with people and society. However, these issues can be, should be, and are addressed elsewhere within the community structure. The license agreement is uniquely positioned as a limiter: if a project has a bad license, it doesn’t matter how good the code is, its usefulness can be poisoned, making the license uniquely critical to preserving freedom. Thus, it’s important it never be weaponized.

Anyway, now that we’ve established what a bad solution to corporate abuse would look like, let’s see what OES came up with.

The Ethical Source “Solution”🔗

Ethical Source seeks to solve the problem of people using technology for evil by allowing developers to restrict the use of their software.

There are some obvious questions raised. How do you restrict use of software in a non-arbitrary way? How is this different or better than just reserving rights yourself and using your own judgements? You’re not claiming to be restricting use of software and be open source, right? Before I answer those questions myself, let’s see how Ethical Source did.

The first version of the Hippocratic License is… maybe the worst software license I’ve ever read. Here it is, in its entirety:

Copyright (YEAR) (COPYRIGHT HOLDER)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of underprivileged individuals or groups.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This license is derived from the MIT License, as amended to limit the impact of the unethical use of open source software.

All but the third and final paragraphs are standard boilerplate. That third paragraph (emphasis added) is the whole of the “Hippocratic” part of the license, and it’s nonsense. This is the kind of idea that could only possibly work if ethics were a solved problem. It assumes an uncontroversial legal definition exists for “underprivileged individuals or groups” and invites the use of any software licensed under this definition to be perpetually subject to scrutiny over its effects on the “general well-being” of… potentially any population.

And, lest you think this language is sufficiently clear that no one would reasonably be able to stretch the meaning to include something outside the intended scope, remember that Coraline literally did that very thing herself with one of her own documents. This isn’t some possibility it’s too soon to be considering, this is definitely going to happen. As seen in the case of Opal, the turnaround from intention to pragmatism can be comically fast.

It is inconceivable that any lawyer looked at this before it was published. In fact, Coraline herself admits she published the license and the site it was hosted on as a reaction to a public incident, just two days after the news reports. It is equally inconceivable that any lawyer would read this and advise anyone to write code using this license or use code licensed under this license in any capacity. I feel like I don’t need to say that it’s important for legal licenses to be legally sound, but here I am talking about a movement which doesn’t seem to think that.

However, for the rest of this document, I’ll generously assume that a future revision of this document will competently achieve its goal of giving courts and lawyers policing power over who is and isn’t allowed to use based on some vague idea of a moral standard. I will not grant that morality is a solved problem that can be codified into a document1, so that “moral standard” used as the basis of this new policing will necessarily be vague and wrong.

This is, by definition, a “non-free” license. It puts specific restrictions on the use of free software, and is precisely the licensing structure the FSF and open source communities work against. Despite that, the OES insists on positioning itself as a natural continuation of open source, instead of the direct opponent it is. The OES (“EthicalOSS” on Twitter, despite fundamentally opposing OSS) has rhetoric to this effect on their home page:

Christine Peterson coined the term “open source” in 1998.

Coalescing around the ideal of software freedom, over the past 20 years the open source community has come to thrive, enjoying wild success and permanently changing the technology landscape. But the world has also changed in the past two decades. It’s time for open source to evolve to meet the magnitude and complexity of today’s social, political and technological challenges.

There is also an Ethical Source Principles document, designed to parallel OSI’s definition. The problem is, if you read it, it completely abandons the conceit of guaranteeing freedoms and instead talks about the importance of specific ethical concerns and… the right to profit off your software.

So… why bother positioning yourself as an evolution of open source when you’re fundamentally opposed to its principles, and advocating for a full philosophical reversal? What’s the purpose of the subterfuge? The closest thing I can come up with for an answer is simply that the label “Ethical Source” sounds better than “proprietary and licensed at the discretion of the owner.” That’s what the OES wants; they want people to be able to exercise discretion over how their work is used. The problem is that discretionary control over proprietary software is known to be a huge problem, and open source is popular, so the only way to accomplish that goal is to intentionally conflate the two ideas.

And, of course, it wouldn’t be 2021 if this whole thing weren’t wildly, obviously hypocritical. See this excerpt from Coraline Ada Ehmke, “Why Hackers Must Welcome Social Justice Advocates”, 2016:

From the onset open source has been inherently a political movement, a reaction against the socially damaging, anti-competitive motivations of governments and corporations. It began as a campaign for social liberty and digital freedom, a celebration of the success of communal efforts in the face of rampant capitalism. What is this if not a political movement? All political movements start with an ideology. But when they are set in motion this ideology may become obscured. It is crucial that we constantly scrutinize the manifestation of our principles to ensure that the lofty goals of our ambitions are in line with our actions.

Coraline is clearly aware that open source is a political movement designed to empower the individual and ensure social liberty, and she even has things to say about the importance of freedom of participation. But now, there’s an opportunity to institute a new policing power and deny freedom of participation to groups you oppose. And, potentially, groups other people oppose, because you can’t create a new policing power without losing control of it.

There is perhaps one intellectual tradition Ethical Source draws from: Douglas Crockford’s infamous license addition: “The Software shall be used for Good, not Evil.”

Douglas explained his reasoning on now-defunct Google+:

Douglas Crockford wrote: Last night at the Software Passion Conference in Gothenburg, we heard from “Swede of the Year” Christopher Kullenberg, who as part of Telecomix provided IT support to people involved in the Arab Spring, helping them to stay connected and to share their stories with the world.

Kullenberg told us that systems that were intended for DRM enforcement are being used to identify dissidents, and that the regime in Syria was using open source software in its efforts to track down and murder anyone with the courage to oppose the evil government.

My very, very, very small part in this is that I include The software shall be used for good, not evil in my licenses. It is not effective at all, but it at least states my intention. It is quite controversial in the open source community because it is claimed that it restricts a specific field of use (specifically, evil), and that software cannot be considered free unless its license permits it to be used in the investigation, torture, and murder of patriots who dare to resist tyrants.

(I’ve also mirrored the comments here, as archive support for Google+ isn’t the best:)

Douglas Crockford wrote: Side stepping the “must free software be free for those who want to do evil” question, the other large issue is trying to determine what exactly is evil. Without a definitive answer as to what evil is, how can anyone be expected to determine if they are being “evil”. To some people attempting to use “free” software in a closed source product is “evil”, to others that’s fine.

So while it states your intention, the practical affect of this license is that it prevents those who want to do good from benefiting from your software due to the uncertainty around good vs evil while not preventing (as you mentioned) those willing to do evil from using it at all. So effectively it punishes the very people who you want to use your software.

Douglas Crockford wrote: Punishes? Are you a victim here? Or perhaps you are a bit over-emotional. Which is fine, you should have a right to be a DQ. It is, as we phansy, still a free country.

But you cannot claim moral superiority on this issue. Putting evil in ironic quotes and stepping aside doesn’t make it less evil.

Donald Stufft wrote: It imposes a penalty on those who wish to use your software and can’t because of practical reasons not because they would otherwise violate your wishes against “evil” using your software while the people who are willing to do “evil” things will likely be fine ignoring your license.

I do not believe I’ve claimed moral superiority. I’m speaking as to the practicalities. Practically speaking the license is toxic because the terms are completely subjective. I put evil in quotes because it is a subjective qualifier. Your definition of evil is likely to be different than mine, which is like to be different than a third person’s. How then is someone supposed to know if they are complying with the terms of your license? Someone can only attempt to guess at what evil is they cannot know what you consider to be evil or not.

Gustavo Noronha wrote: The problem is not simply the one you mention. The problem is the definition of what is good and what is evil is too subjective, so it ends up being a liability.

Giorgio DeRa wrote: I’m astonished that an intelligent and witful man is indifferent to the $$$ that major software companies and mainstream distros prefer to pay to lawyers to study his license, rather than taking the custom license for good. Or he isn’t, and all this is an evil and funny plan (very funny, indeed).

Crockford — for his part — sees his “Good, not Evil” clause as “very, very, very small”, and “not effective at all, but it at least states my intention”.

While this has already been controversial and generally problematic in the community, Ethical Source takes this far further. It doesn’t see itself as symbolic or a statement of intent, but a genuine power play to assert (benevolent) control over an industry through legal leverage.

But really, the worst of it is licensing isn’t where the harms are. The harms are the companies who have the huge contracts. GitHub, Microsoft, Amazon. The massive hardware and software infrastructure required. This bad solution isn’t even poorly solving the right problem.

For that matter, using licensing to restrict government abuse obviously isn’t going to work, because licensing relies on state enforcement of rights anyway. If the state itself is compromised, having a clever little license isn’t the failsafe the OES thinks it is. It’s really just asking the police to arrest ICE with extra steps. This isn’t hypothetical, this is already codified in the law: even the international treaties that govern copyright have explicit exemptions for government action related to security interests. A license like this one can only ever possibly do harm.

The OSI Campaign🔗

Coraline ran a campaign for the OSI board in 2020 with a platform emphasizing the principles of the Ethical Source movement and directly challenging the OSI’s principles of “giving evil people freedom, too”.

Coraline Ada Ehmke wrote: Software freedom that is not in service of human freedom, isn’t freedom at all. [sic]

This was a… bold campaign. Her stated goal was to use software licenses to assert control over peoples’ actions, something fundamentally incompatible with the open source philosophy. This was interesting, because it gave the open source community a chance to consume and react to her ideas.

I’ll attach some responses to her twitter announcement:

And some select comments from her OSI campaign page:

Anonymous Debian once rejected some licence because it was meant to be used “only for good”2. They were right. The problem is: who decides what is good or evil? What is ethical and what isn’t? You? The government? The lawyers and courts when someone forks some project and the author doesn’t like that? Philosophers much more intelligent than you or me have been debating it since dawn of time and haven’t reached any conclusive decision. What one thinks is ethical is not what other does. Freedom is freedom. It’s not about ethics. It’s simple to understand. Do we have the 4 freedoms3? To do good and evil, in mine or anyone else’s eyes?

As someone who’s been writing open source code longer than you, if you’re somehow elected to the OSI board then the OSI’s decisions will instantly cease to have any relevance or moral weight with me. There’s no-one I can think of less suited to be on the board of such an organisation. Regardless of what you’ve convinced yourself about your own beliefs, your primary goals seem to be exclusion rather than inclusion. Your character is also entirely ill suited for the OSI’s mission, for instance, you have [I’m not talking about this behaviour here]. It’s no surprise to discover that you’re completely unaware of the complexities and deep debates surrounding human rights law in the real world.

(See also: “morality is not a solved problem”, “you’ve given the courts discretionary authority”, and “this jeopardizes freedom”.)

Anonymous I honestly think your course of action (i.e. selecting who’s eligible to use software based on their views and actions) will lead to OSS to the brink of being unused.

Your desire to restrict OSS goes indeed against the core values of Open-Source philosophy; and this would be a change too big to retain the name of “Open Source” as it is against what this philosophy stand for.

1) Why do you want to gain more influence over an organization whose core values you disagree with?

2) Have you considered creating/joining a movement that would be more in tune with your own values? If so, what caused you to turn towards the OSD?

I’ve read both your Contributor Covenant and your Hippocratic Licence and was very opposed to the concepts exposed. I found them to be very unspecific about what applies and what doesn’t apply

(While she argued with some comments on the page, she did not answer these.)

As a direct response to her loss in March 20204, Coraline posted a statement on the brand-new Organization for Ethical Source blog, where she suggested her new organization be allowed to appoint a official liaison to the OSI while simultaneously condemning the OSI as being “essentially conservative” and “out of step with the growing needs of the OSS community”. There is, of course, an Affiliate Member seat for exactly this purpose, but that requires an open seat and an election, not unlike the election both OES candidates just lost.

The Mastodon Tweet🔗

And so we finally, finally have the context for Coraline “big time open source troublemaker” Ada’s anger towards Mastodon.

Mastodon itself is a social networking platform with features comparable to Twitter. Unlike Twitter, though, it is designed to be decentralized and federated: you can host your own Mastodon community and moderate it yourself, without being additionally at the whims of the Mastodon company. This makes it well-suited for the needs of marginalized and at-risk communities.

Unfortunately, that category also includes “bad” communities. Gab, for instance, is a fork of Mastodon. The Mastodon community is “completely opposed to Gab’s project and philosophy, which seeks to monetize and platform racist content”. But, as I’ve explained already, the very-neutral infrastructure code layer is not the place to try to fix this. Mastodon understands this, but some still do not.

See, Coraline isn’t concerned that Trump blatantly stole a whole codebase and illegally used it for his horrible insurgency social network for terrorists. Her problem is that Mastodon is designed to be resistant to policing and censorship.

Mastodon is made into the target here, not Trump, because designing open and resilient software systems means it’s hard to police society, which makes Mastodon the true evil in the perspective of the Ethical Source developer.

This is where we see the brain worms in plain view. OES isn’t concerned with ethics or open source. It would rather make tools that can be used to hurt the kind of people they don’t like (knowing their violence can’t be limited to only affect their real targets, no less) than make systems that resist being abused by the people in power. When you’re angry that software is too usable because it doesn’t hurt the people you hate enough, you’re not pushing an ethical movement. You’re not fixing anything. You’re just angry.

Trump’s use of the Mastodon codebase, you’ll remember, violated the license, and is getting him sued anyway. And not because it was a special vindictive license with thorns lined on the inside, like Coraline wants. It’s because Trump actually denied the public their freedom over the software they built, which is what the license is meant to prevent in the first place.

I’ll warn you up front there’s a lot of garbage in here, from both sides. Reference is not endorsement, et cetra.

Trump and Mastodon

Developer Protest

Free Software

Ethical Source

Coraline’s Writing

  1. I believe the current version references other documents to draw from their definitions of moral standard, which doesn’t solve the problem here but does introduce another unnecessary attack vector if the other document were to change. 

  2. What’s being referenced here is Crockford’s “for good, not evil” clause, discussed earlier. 

  3. The “4 freedoms” referenced here are the FSF’s four freedoms: to run, to change, to redistribute, and to publish modifications. 

  4. Hey, look, there’s Tobie Langel again. He didn’t get as many votes as Coraline, possibly due to his campaign of abolishing elections entirely. I can’t quite describe this as splitting the vote, though, since adding his tally and Coraline’s together still doesn’t break the top 3. 

Howdy! If you found my writing worthwhile, the best thing you can do to support me is to share an article you found interesting somewhere you think people will appreciate it. Thanks as always for reading!

Comments

Loading...