What social responsibility do you have as a software developer?
The rise of the ethical license
I was inspired by Vargo’s predicament (which you can read about in part two of this series), and the growing sense that the open source establishment was not interested in empowering developers like him to fulfill their societal responsibilities. So on September 22, 2019, I released the 1.0 version of the Hippocratic License, described as an Ethical Open Source license.
The reaction by open source purists was immediate and forceful. Bruce Perens, author of the Open Source Definition, wrote that it was impossible to define (let alone encapsulate in a license) a universal set of ethics. In a blog post critical of the license, he states that ‘the definition of what is ethical changes over time, from place to place, and from one individual to the next’.
I took this criticism to heart. The next version of the license, written in conjunction with a volunteer group of legal experts, tied the constraints on use in the license to the United Nations Universal Declaration of Human Rights.
Perens also observed that no court would uphold the language of the license and rule that a given organization was complicit in human rights abuses. I took this criticism to heart as well.
I began to focus my collaboration with the legal team on the problem of enforcement. How could we design an enforcement mechanism that was fair to both parties, not an undue burden to either licensors or licensees, and that superseded the unevenly distributed human rights encoded in the laws of any given jurisdiction?
On December 12, 2019, the solution came to light in the form of a set of guidelines for global arbitration aimed at the intersection of business and human rights. The guidelines were the result of a 5-year effort undertaken by the Center for International Legal Cooperation, a working group led by Judge Bruno Simma, who formerly served in the International Court of Justice.
The Hague Rules for Business and Human Rights Arbitration were launched at The Peace Palace at the Hague. The Rules lay out an impartial methodology for settling human rights and business disputes, as part of an enforcement mechanism for the Universal Declaration of Human Rights. The goal of the Rules is to lower barriers to access to remedies, creating a way to evaluate and hold businesses accountable for their behavior across the globe.
The Rules answered the question of how we could empower licensors to pursue action against organizations that were using the software in complicity with human rights abuses. It outlined a process that we felt was fair to both parties in the dispute. In March of 2020, the 2.1 version of the Hippocratic License was released, and it incorporated the Hague Rules as its enforcement mechanism.
Surely the Universal Declaration represents an ethical system that is by definition not temporal, not geographical, and that does not vary from person to person. But even this ethical grounding was not enough to suppress critics of the license.
But in spite of (or perhaps, because of) the criticism, the introduction of the Hippocratic License, and half a dozen other ethical licenses, sparked critical discussions among open source practitioners on the subject of our social responsibilities. The insistence that software under an ethical license ‘isn’t open source’, according to the strict definitions established by FLOSS purists, stood in stark contrast to the growing sense of unease in the community. If ethical open source wasn’t truly open source, why couldn’t it be? And why shouldn’t open source aspire to prioritize social good over 'evil' uses?
On October 7, just over two weeks after the Chef incident, I founded the Ethical Source Movement. Over the next few months, the Ethical Source Working group grew from a handful of 'agitators' to a global community of over 150 open source contributors and maintainers, intellectual property and licensing legal professionals, ethicists, philosophers, NGO and non-profit leaders, and human rights activists.
The Working Group collaborated on the Ethical Source Definition, which lays out the seven critical components of ethical open source. To meet these criteria, a given work must benefit the software commons, be created in the open, be fostered by a community that is welcoming and just, place priority on accessibility (in all senses of the word), make user safety a paramount concern, be designed to protect user privacy, and encourage fair compensation in contributions or financial support by the organizations that benefit materially from the use of the software.
The goal of the Ethical Source Movement is to create social and legal mechanisms through which participants in the software commons can fulfill their societal responsibilities for the works they create or use. The Working Group continues to pursue this goal through diverse channels including licensing, governance, and formal standards.
The locksmith’s fate
After multiple blindfolded trips to and from the unknown location, the locksmith finally cracked the safe. He wasn’t allowed to see what was inside of it; the stranger blindfolded him as soon as the lock clicked open. But true to his word, the stranger made the locksmith exceedingly rich.
A week later, the retired locksmith saw a news headline about the theft of top-secret military schematics. And soon after that, the stranger himself appeared on the world stage, declaring himself master of all nations, backed by an army equipped with a stolen superweapon. The plans for which had been locked securely in a very strong safe.
As Edmund Berkeley said, we technologists have a heavier-than-average set of social responsibilities, owing to the greater-than-average impact of our work on society.
We are all locksmiths. We cannot ignore or delegate our responsibilities to society. We cannot neglect to think about how our work will be used for societal benefit or societal harm. And we can’t avoid deciding between our conflicting responsibilities.
Ultimately, we are the heart and soul of FLOSS, not the Free Software Foundation or the Open Source Initiative or GitHub. We have the responsibility to put ethical principles over the philosophical purity of 'software freedom'.
And if our open source institutions fight against us in our efforts to fulfill these ethical obligations, maybe we need new institutions.