★ On Copyright Aggregation

Monarchs on EucalyptusA collaborative activity dubbed Project Harmony is now under way between corporate and corporate-sponsored participants in the free and open source software communities (not to be confused with the Apache Java project of the same name). The project seeks to harmonise the various participant and contributor agreements – collectively termed “contributor agreements” by some – used by many open source projects.

The goal of the project’s initiators is to reduce the legal costs of analysing paperwork faced by companies contributing to open source projects. Initiated and sponsored by Canonical, meetings have already been held several times under the Chatham House Rule, including one recently during LinuxCon in Boston. The participants also number several people who are skeptical of the value of copyright aggregation, myself included. At the meeting I was asked to write about my skepticism; this article is the result. I’m by no means the first to tread this ground; you’ll also want to read the earlier article by Dave Neary, and the comprehensive article by Michael Meeks ends with a useful list of other articles.

What are “contributor agreements”, why do they exist, and are they a good thing?  The need often arises from the interaction with open source of certain approaches to business. They serve a need of those approaches, but they can come at a significant cost to the health of the project. If you’re starting a new project, it’s worth understanding the bigger picture before diving in with a practical guide on the assumption “everyone uses contributor agreements” because not everyone does. For good reasons.

Dual Licencing

One of the dimensions of the business of open source has been the dual-licensing business model. The name is a little confusing since there is (usually) only one open source licence used – the second arrangement is usually a proprietary license or contract exempting the customer from some of the terms of the open source licence. It can be better to describe this as “selling exceptions to the open source licence”, and it is commonly done in conjunction with the GNU General Public License (GPL) which has clauses some businesses regard as hard to accept.

Under this model, open source software is genuinely present, guaranteeing the freedoms of its users, but the business owning the copyright makes money by selling benefits such as the right to make derivatives under a different licence, commercial terms that offer additional guarantees and (most famously) anything-but-the-GPL as the licence under which the software is used. This last option means dual-licensing has often been associated with shady sales tactics along the lines of “it would be a shame if your business got infected with that evil GPL viral licence…”

Copyright Aggregation

In order to use this model, the business owning the copyright has to own the entire copyright to the software they are distributing. As a consequence, when any community member wants to add a modification or enhancement to the source code for the software, the owner demands that to do so they must also hand over their rights to the addition. To achieve this, the copyright owner makes signing of a legal document mandatory for any involvement in the community that involves co-development.

Usually called a “contributor agreement” (to the detriment of older arrangements that use that term for community participation agreements that don’t actually aggregate copyright), the document gives rights amounting to ownership of the copyright in the new work to the copyright aggregator. It may also include other clauses, such as a statement or originality (“this is my work and I didn’t plagiarise it”), a grant of patent rights and even an indemnity (“if you get sued you can blame me”). In most cases the author retains rights to their individual work in some form or receives a license back, but it’s only the aggregator who has ownership of the copyright to the whole system.

So What’s The Problem?

Open source can be defined as the co-development of software by a community of people who choose to align a fragment of their self-interest in order to do so. The commons in which they work contains software under an OSI-approved licence free from usage restrictions with guaranteed freedoms to use, study, modify and distribute it – “free software”. The community members each work at their own expense in order to achieve a shared outcome that benefits all, including themselves. When they create an enhancement, fix a defect, participate in a design, they are not “working for free” or “donating their work” so much as they are “participating in co-development”.

That favoured word “contributor” gives a clue to the problem copyright aggregation agreements cause. An open source community is an open, meritocratic oligarchy – ruled by an elite who gained leadership based on the merit of their participation and skills, open equally to anyone who does the same in the future. The presence of a “contributor agreement” that involves copyright aggregation may be a warning sign that the community using it has one member who is more equal than all the others.

Communities whose members are termed “contributors” rather than “members” or “participants” may well be unequal places where your interests are subsidiary to those of the copyright owner. They are often dominated by users and fans of the software rather than by co-developers, since the inequality makes it hard-to-impossible for a genuine co-developer to align any fragment of their interests on equal terms. Indeed, this inequality is seen by some dual-license proponents as one of the attractions of the model as they seek a community of enthusiasts and (hopefully) customers that they can exploit without competition.

Exceptions

There can be justifications for having copyright aggregation by and for a community. When the beneficiary of the aggregated copyright is the community itself (in the case of a community hosted by a non-profit Foundation), there are benefits available that may outweigh the disadvantages. These include giving the Foundation the legal right to enforce the copyright in certain jurisdictions, and the freedom to update the open source licence later. They may also include the granting of additional rights such as patent licences in the case where the open source licence does not adequately deal with patents, or to help in countries where copyright law is sufficiently different from US law that the US-centric concepts behind open source fail. Richard Fontana covered these well in his LinuxCon presentation.

Even with these benefits available, there are many communities that choose not to aggregate their copyrights – notably the Linux kernel, GNOME, Apache and Mozilla communities. The recent policy and guidelines on copyright assignment by the GNOME Foundations are especially worth reading. Having diverse copyright ownership leads to a deeper mutual trust and an assurance that the playing-field remains level. Insisting on copyright aggregation is one of the more certain ways a company can ensure the open source community it is seeding remains small and lacking co-developers. With the rise of “value add” business models such as Apache-based open core or service subscriptions, it is less necessary for the businesses involved to aggregate copyright.

Some Foundations that avoid aggregation (such as Mozilla) do have a document termed a contributor agreement but the purpose it serves might be better termed a “participant agreement” since it mainly addresses community norms and specifically avoids copyright aggregation. Indeed, there are some who suspect a motivation for using the term “contributor agreement” vaguely to describe agreements also aggregating copyright is a tactic to screen the toxicity of copyright assignments from general view.

How To Flourish

It may well be advisable to have a participant agreement for your community, to ensure that everyone has the same understanding of and commitment to the project if they are sharing its evolution. But if you want your community to flourish, eschew aggregated copyrights, or vest them in a non-profit entity representative of and open to the community. In fact, avoid any institutional inequality and focused control. Communities should be open-by-rule.

In my experience,  attempting to retain control of a project you’re starting or hosting leads to mistrust, contention and a rules-based focus that diminishes your reputation. Relaxing control will lead to the community innovating and growing in ways you’ve not anticipated, as well as enhancing your reputation. As I’ve frequently said (although less frequently been heeded): trade control for influence, because in a meshed society control gets marginalised while influence delivers success.

[First published in ComputerWorldUK]

★ GNU/Linux – finally it’s Free software

A Bold GNU Head
This may come as a shock, but all GNU/Linux distributions to date have been built with essential software under a licence that clearly meets neither the Open Source Definition nor the Free Software Foundations’ requirements for a Free software licence. The tenacity of a Red Hat hacker has finally solved this problem for everyone, however, and I’m proud to have played a part too.

One of the long-running projects I had at Sun was to get the (pre-GPL, permissive) license on Sun RPC changed.  Why would that interest anyone? Well, the code in question is the original implementation of Sun RPC, which went on to become RFC 1057 and today is a core part of every UNIX-family operating system. Including Debian GNU/Linux and Fedora, both keen to be 100% Free-licensed software.

The way the RPC code was originally licensed was exceptionally liberal. Written in 1984 or earlier (well before the GPL existed), it allowed unfettered use of the Sun RPC implementation in any program for any purpose. The only significant restriction imposed, entirely reasonable to most eyes then, was to say that the module itself could not be sold as-is, only as part of a larger work. The code was circulated on Usenet and was extensively cut-and-pasted into software being developed then –  notably the parts related to NFS.

What was liberal is now conservative

Times change. During the 80s, Richard Stallman’s Free Software movement established the four freedoms, with the GNU General Public Licence (GPL) appearing in 1989. During the 90s (1994-7), the Debian Free Software Guidelines established a need for the code in their distribution of GNU/Linux to be fully Free software. The Sun RPC Licence did not qualify, becuase of the restriction on distribution as-is – an “additional restriction” that also meant the licence is not GPL compatible. By the beginning of this decade, Debian maintainers were making a serious effort to audit the millions of lines of code in Debian for true DFSG compliance. And in 2002, they found the old Sun RPC code in core Linux files glibc and portmap. The members of the Fedora community were also engaged in a similar effort.

Reading the history for Debian bug 181493 tells the next part of the story. Inside Sun, the challenge of finding the code in question was Just Too Hard, and the things reached an uneasy impasse.

The issue came back to life in 2008 when the bug was re-asserted as part of the run-up to the Lenny release. I was contacted both by folk at Debian – notably my friend Ean Schuessler – and at Fedora – notably by Tom “Spot” Callaway – asking if there was anything I could do to accelerate licensing of the old code. Both projects had decided to take a hard line and removing the code from glibc and portmap was going to be a real headache, especially for the stability of glibc.

Challenging

The task of relicensing old code can be pretty time consuming and involves people who were already much in demand.

  • First, the old code is often very old. The people who wrote it may no longer be with the company, it is no longer part of a current product, and people sometimes can’t even be sure where it originally came from before Sun put it on Usenet. You have to find the original code if you’re to make any progress at all. Doing so might mean retrieving crates of paper from long-term storage and crawling through them.
  • Second, once the code is located, a legal expert has to look at the origins of the code and maybe once again crawl through retrieved paperwork to find the contracts behind the code. Their job would be to determine if Sun actually has the right to change the license at all.
  • Third, someone had to believe it is their job with respect to the code in question to act on Sun’s behalf to evaluate the change, authorise it and bind the company officially.

All this is time-consuming and expensive, and without a current code owner inside Sun it was touch-and-go whether anyone could find either the staff time or the budget to run a license change through to completion.

With help from friends both at Debian and at Red Hat, we managed to identify some modern OpenSolaris code that matched the code in Linux. This was a key step. It meant we could trace ownership through the comprehensive records for OpenSolaris and start the process moving. By early 2009, we finally reached the point where we felt comfortable to relicense the Sun code involved. I got permission from both the legal team and the management at Sun and announced (and blogged) at FOSDEM in Brussels that it would be OK to relicense the old code.

But then there was some sort of foul-up after it was all agreed and Red Hat (who were making the change) never received documentation of the decision that was sufficient to give them confidence it was all over. They tried contacting people at Sun, but by then acquisition of Sun by Oracle was in full swing and no-one was allowed to make any changes affecting copyrights any more.  Even though it had all been decided, no-one in the legal department was comfortable giving Red Hat the documentation they felt was essential to confirm the decision. So the changes were rolled back, much to everyone’s disappointment (not least mine).

But Spot persisted and finally got confirmation in an acceptable form from an Oracle VP, Wim Coekaerts, that permission to make the change had indeed been granted. So, at long last, the licence is changed, glibc is Free software and we can all breathe easy that this can’t cause copyright infringement suits against Linux. Congratulations to Spot for his tenacity! Spot has more information and his view of what happened over at LiveJournal.


[First published by ComputerWorldUK]

☞ Copyright Reality

✍ Accommodating Innovators

Lessig Reads from RemixSomething grated throughout the debate that resulted in the Digital Economy Act here in the UK. I couldn’t quite articulate it until I was pointed by a blog posting towards an excellent article by Lawrence Lessig, “Getting out values around copyright right” (PDF), based on a keynote in 2009 at a conference for educators in the US. It’s a fine article.

The observations at the beginning of the article provide an excellent overview of what are, for me, Lessig’s most important observations about copyright – that the current, digital, meshed society presents many cases for which the antique copyright regime we have now is inadequate. He then goes on to consider how we should respond to this challenge if we are educators, and provides a final explanation of the Google book-scanning issue. Continue reading

☞ Happy Birthday Copyright – you need to reform

  • This weekend is the 300th anniversary of the Statute of Anne, the first copyright law. As a wag on Twitter noted, we can’t sing it happy birthday because copyright law today prevents us. The essays on the site linked above are from a diverse set of authors, and make interesting reading. Behind almost all of them is the premise that copyright doesn’t work any more. I agree with this.

    Copyright was never meant to apply to things you and I do; it was a law made in the context of the end of general censorship and the rise of the printing press. It was intended to protect the weak from the powerful and the powerful from each other.  It never applied to people who read printed works, only to those who printed them.

    We’ve seen the immense harm that’s resulted from the semantic sleight-of-hand that justifies the violation of our rights because the phrases “war on drugs” and  “war on terror” includes the word “war”.  A similar, more cunning sleight-of-mind observes that every enjoyment of a work in the digital age requires a “copy”.  That means copyright law applies, and thus a license is required by the consumer to waive the monopoly which copyright grants. The freedoms around created works that the Statute of Anne was actually supposed to protect have thus become an excuse to require licenses for every form of modern enjoyment,  imposed upon the very citizens who should expect to have their freedoms protected.

    The contract expressed by the Statute of Anne (and then made concrete in its echo in the US Constitution) was supposed to be between the powerful producers and society; instead it has become an excuse for the imposition of abusive licenses by the middle-men on the individual – and without fair compensation to the vast majority of authors and other creators. Too many people believe copyright is about the way works are enjoyed, and that belief has led to a self-perpetuating spiral into the abyss of control. Radical reform is overdue.

    Radical means “from the roots upwards”. My repeated call is for copyright to be re-interpreted for the connected era. Like Lessig, I think eliminating copyright is too extreme. The social contract upon which it is based – the exchange of temporary monopoly among distributors for protection of both the creator and ultimate enjoyer of the work – remains valid. But it needs casting in an age where every citizen is a peer, rather than in an age of controlling hubs and passive spokes.

    In the UK, the election is upon us, and the outrage of the Digital Economy Act is fresh in our minds. Let’s get this reform rolling.

Other links: Continue reading

%d bloggers like this: