Follow

If you don't want cops or military using your open / sharealike software and you actually mean it, then consider Ethical Open Source (EOS) licensing options which are analogous to your project's current licensing scheme. Lip service means nothing when your facial recognition tech is being used for state surveillance and oppression and you could throw a legal wrench in the cogs of the machine.

ethicalsource.dev/definition/

(check their related licenses page for a more complete list)

:acab:

I'm seeing lots of FLOSS advocates favorite this post about Ethical Open Source , and that's good. I know you're scared of boosting this topic because in the past this draws out the worst in the community. But, that's exactly why you should be sharing Ethical Open Source and advocating for it. The FLOSS community is historically toxic, a hidey-hole for racists and the like, and by never bringing up these issues, it will continue to be. Not being racist is not enough, you have to be anti-racist. (read that last part again)

Try actually boosting it. Expose people to a new possibility in terms of how software could protect users. Quit being scared of channers and asshole contributors yelling slurs at you to try keeping minorities out of the community. Tear racism and antisemitism up and out of your community and actually protect the minorities that all your inclusion programs claim they care so much about; before they get run out like clockwork by the racists, homophobes, and antisemites that FLOSS communities have historically hosted generously. Enough lip-service, actually do something. Not just with but with a moderation policy that actually reflects the values in y'all's CoC's on every platform where discussion occurs from social media and mailing lists to software forums and issue trackers.

Show thread

@thufie While I wholeheartedly endorse the goal, the downside is that those restrictions mean that Debian et al won't ship you work, however awesome it is, so lots of people will have a much harder time accessing it.

@tek yeah, we need third party repos, but it's worth the effort.

@thufie is this entirely based on abusers actually following laws?

from what I see cops & military are rarely held accountable for things way worse than copyright issues.

@thufie also laws are easily changed to make stuff legal if exposed.

@bootie_fringe these licenses for the most part have provisions where if their ethical terms are ruled to be invalid the software falls back on being functionally OSI or FSD compliant (depending on the license) so there's nothing to lose by trying.

@bootie_fringe take for example Amazon hosting police software for facial recognition. By running that software amazon would be in violation of most licenses on this list if not all. This is about cutting off police use of outside contractor technology using open code. That is enough to be a huge change alone, even if the cops were to start "pirating" a few individual things. Regardless, like it or not, the U.S. legal system treats the terms of copyright more seriously than anyone's actual fucking life, so it actually might work to get tools directly out of their hands as well.

@thufie @bootie_fringe who's the arbiter of what's ethical? The judiciary system that continues to let cops off the hook is probably not going to rule that police use of facial recognition is, on balance, unethical.

@kline @bootie_fringe the licenses explicitly list within them or reference external documents. Can you please read more than just the name?

@thufie @bootie_fringe I have. The Hippocratic license, for example, is completely usable for cops wanting to run facial recognition.

@thufie @bootie_fringe to be clear, what I'm saying is that cops are still able to use your work for facial recognition under the Hippocratic License.

In the UK, police are already bound by a set of laws similar laws referenced (European rather than UN: equalityhumanrights.com/sites/ ).

They can already square their work with this. Facial recognition tech under the Hippocratic License would be permissible for UK police work, even if the intention was for the developer to prohibit its use here.

@kline @bootie_fringe are you certain it would not make third-party contractors who actually run the software for them in violation? If not, then that's sad, but at least it will work elsewhere.

@thufie @bootie_fringe the police are not allowed to offload their legal obligations by contracting, the system is unlawful if it violates your rights regardless of if it's run in house or by a third party. The police still have to account for (via the CPS) the evidence they present, be that their own police testimony, evidence collected for by a system they pay for, or footage they take from someones residential CCTV.

@kline @bootie_fringe alright good. So you did read some of it!

In broad terms, these licenses generally reference international standards for human rights or list their ethical provisions within themselves in full with reference to presiding legal terminology surrounding each topic mentioned. Sometimes both, as licenses seeking to institute protection against environmental abuse usually cannot reference any U.N. documents on that subject (which do anything at all).

The community around the organization decides what is "ethical" and what isn't. Its not some big corporation that is going to tell you running the software for say, reverse-engineering is "unethical". If you'd like input on what you think should be included or excluded I'm sure your voice will be heard.

That said, the fundamentals of being against surveillance, warfare (at least certain kinds), systems of oppression, and environmental destruction are already firmly in place across all licenses here. You can choose a particular license based on how strict its values are as well as its typical provisions on modification and redistribution.

@thufie @bootie_fringe "The community around the organization decides what is "ethical" and what isn't."

This is what I'm trying to get at. You might believe that this is the case, but it's actually not true. As a community, you can absolutely feel that your software is being misused, but the people to arbitrate (a key word used in the license) may decide that it is in fact perfectly ethical for the police to use the software in such way, or for 3rd parties (contractors like palantir, hosting platforms like AWS, etc) to do so on their behalf.

As mentioned, the police are already bound by such laws in the UK at least. I imagine the US police are likewise bound by their Bill of Rights.

On this account, even software under the GPL cannot be used for unethical purposes: if your rights have been violated in the police, you can take them to task for that under their existing obligations as detailed in the document I linked previously. If it is found that GPL software is used in a system that systematically violates the rights of many, the system has to be dismantled under these obligations. As it stands, the license adds nothing - the fault is in the enforcement of these obligations as they already exist.

@kline @bootie_fringe gotcha. I'm unfamiliar with U.K. law. I'll have to look into this. I've written the NPL from the standpoint of the U.S. legal system primarily (that's what the bulk of it got reviewed against), and I'm not a legal expert myself. This ought to be brought up. If you don't mind, would you put a reference to this law here: ethicalsource.dev/contact/

@thufie @bootie_fringe I mean, to be perfectly frank, the license states in it already that you may not use it if you break the [human rights] law.

If you're already breaking the law, the system is pointless in court, regardless of where in the word this is happening, the US included.

If the police do not break the law, then the license's trap isn't sprung.

This wont work in the US either, simply because it only underlines but does not further enforce the laws it relies on. If the police are breaking the law, you don't need this license - it's already illegal. If they aren't breaking the law (as arbitrated by the courts), then regardless of how you feel about the system ethically, it will still be usable.

@kline @bootie_fringe but if they do, it is sprung. So imagine for a moment police start to be held more accountable for *some reason* (looks at current events) and are found to be in criminal violation of these laws. Then they are in violation.

In the licenses with their own provisions this criticism just doesn't really apply though, which is why the NPL does not make external references or tie license violations to legal violations (in fact much of what is not allowed per the license, is otherwise perfectly legal).

@thufie @bootie_fringe if they break the law, you don't need the license trap to have the system dismantled.

Ethical use licenses have the right heart, but in the end, they simply cannot be more powerful than laws. If you want policing to be more ethical, you need to change the political scene, as is happening right now. You need to make the laws more stringent, and the enforcement more robust, rather than adding license clauses that are strictly no more expansive than the laws police etc are already bound by.

And if you really don't want cops (or others) to use your software, just address it head on and include a clause saying "this software may not be used for <industries X, Y, and Z>, including 3rd party provision of services to the same."

@kline @bootie_fringe If they break the law they can no longer use the software furthermore. I'd say that is certainly not a loophole. Police don't stop existing after one human rights violation is brought up in court (I wish).

This still does not address how on the whole this licensing strategy is ineffective, and my previous points about provisions not tied to other laws haven't been addressed.

I'm not quite sure you're giving this whole concept a fair evaluation. I'll keep engaging though. I'm against licensing against use by specific entities because organizing around exactly which industries and organizations ought to be banned from use wastes time compared to stating provisions they cannot violate. In addition, it rules out the possibility of coming into compliance. Imagine if the GPL just outright banned violators before giving them a chance to release their source modifications, for example. I know its not a fair direct comparison, but its a similar idea: "If you want to keep using this software you can do x, y, and z to do so", and wouldn't it be great if once every blue moon, someone actually did?

@thufie @bootie_fringe "If they break the law they can no longer use the software furthermore". I'm not disputing this, and that is exactly what the license says.

My counterpoint is not to say that this license doesn't work, what I'm saying is that it adds nothing, while adding additional cost to fair play users.

If the software is being used to break the law, it doesn't matter that the license underlines that. It's the law being broken that dismantles the system, the fact that the license trap is sprung adds nothing and tbh is the least of their worries.

So you have a license that adds nothing, as it only binds users to what they were already bound to, and less strongly than those other laws (which are legal, rather than contractual).

These unnecessary clauses have a cost of making the software non-free, which means that fair play users who want to put your software to good use face additionally difficulty in doing so. It's a net negative license for libre and ethical software.

@kline @bootie_fringe I'm going to need you to explain why that last paragraph is a bad thing because just expecting me to believe that breaking freedom 0 in order to keep code from being used from bad actors with records (which honestly I just think you're dodging at this point) is a not an argument against usage of EOS, its the entire point. If you haven't noticed I'm of the opinion that restricting usage to prevent abuses of power is a GOOD thing when done right so just chanting "It breaks the holy freedom clause" at me isn't gonna change my mind.

@thufie @bootie_fringe I'm not saying anything about freedom 0, I am saying that if you choose to build positive software with the hippocratic license at the core, that rules out using any GPL software to help support you along the way.

You can say that this is the GPLs fault, and I might agree with you, but it's no uncertainty that being a non-free license adds significant practical challenges to getting good, ethical software out the door.

There's respect to be had to people who want to build good software and do so with additional penalties for their morals, but we need to accept that this software is likewise penalised in how applicable it will be to real situations.

I don't have anything against you writing software that excludes certain uses, and tbh I think the NPL is a stronger license than the HL for this.

@kline @bootie_fringe yeah this whole thread is basically tearing the HL apart and frankly I agree with most of it and wish they hadn't written it that way, but it least it falls back on being essentially just FLOSS.

I acknowledge that a lot of work is necessary to legally rebase a significant enough portion of a software ecosystem for this movement to gain traction, but I think it is ultimately worth it. The whole reason I'm posting so much about this is precisely for that reason, we need help to make it happen.

@thufie I hesitate to add this, because I think it would be easy to throw away the discussion as "pointless drivel from a freedom-0 absolutist", but I do think freedom 0 is important. I do think that you're perfectly within your rights to deny freedom 0 and, as I've said, take the NPL route of very clearly setting out what the software can and can't be used for.

On the flip side: freedom 0 is important not so software can be used to oppress, but because we are also not perfect. If we were having this discussion 100 years ago, we'd be talking about pushing Women's Suffrage over the line. We'd be talking about making it ethical and right that women could use our software just as men could for the purposes of, eg, voting.

What it would not likely do, however, is allow it to be used by those who identify as gay, or really anyone in the LGBTQ(A!)+ spectrum - we'd more likely than not still set them apart as unethical.

It's likely that there are unknown unknowns now that freedom 0 will enable our software to be used by in the future that we consider inappropriate or incorrect now, in the same way that it was universally the case for women 200 years ago, or people of colour or those outside the cis/het bubble 100 years ago.

Freedom 0 frees our software of the biases we don't even know are biases that may only ever come into the arena even after we're dead.

@thufie so strong copyleft is not enough? from what I have seen, contractors absolutely hate (A)GPLv3 etc.

@bootie_fringe if Google started using AGPLv3 tomorrow that would not change the fact that they are getting huge into military contracting.

@thufie lol, as if google doing military would be a thing that makes them evil.

google are advertisers, their entire business is based on non-consensual behaviour.

@thufie hot take: if you do not want evil ppl to use your face recognition autocannon targeting system … maybe try to build something that would be inherently hard to use for such purposes.

I once created software that was way to easy to abuse by authorities & I stopped the development.

@bootie_fringe I don't think walking on eggshells in terms of what code we write is the answer. Not all code has an unambiguous use-case which is clearly good or bad. In fact, lots of code is incredibly generic.

nazi mention 

confusion 

confusion 

@thufie some code is easily abusable though … facial recognition systems for example or any kind of DRM, centralized chat systems etc.

@bootie_fringe certainly. An ICBM's codebade and an orbital launch system's codebase have a lot of overlap, though. Should we then give up on space travel?

There are things which we should obviously "just avoid", but technologies as a whole have a wide array of varying applications that their capabilities allow. That's the point of licensing against the abuse of these technologies. The same reason why GPS by design stops working at the speeds of an ICBM, as a failsafe against misuse.

@thufie IMO you should always walk on eggshells in terms of what code you write or otherwise undef behaviour or security issues will taint it.

@bootie_fringe I meant in terms of application use-cases it could have, to remain on subject.

@thufie true. what I am saying is, one must already be vigilant, so it is not an undue burden.

@thufie this is a really important shift that the FOSS community needs to make. Do you know any projects that are currently using this license? I'd like to support them however I can.

@clayton unfortunately I don't know of large EOS projects beyond 1-2 contributors. However icebreaker.dev/ has a long list of them.

@thufie that's ok, new movements have to start somewhere. :)

FYI, just checked out icebreaker.dev and it is a list of open-source projects that ICE uses, not a list of EOS projects.

@clayton oh whoops, yeah I got linked there this morning so maybe I wasn't awake enough to read it lol

@thufie this is good and all but I want to know what lawyers they have writing or reviewing these. You have to give these licenses some bite.

There's a lot of people going "cops don't follow the rules anyways" in the comments but they don't understand, if there's one thing that can actually get to a cop and infuriate them to no end its a good lawyer.

@wolfcoder for sure. The majority of the NPL has seen legal review. I don't know the details about the legal review status of the other licenses on the page, however.

@wolfcoder @thufie the cops (or other evil doers) might ignore the licence, but a company which views itself as """neutral""" will probably follow the licence, and not use your code in a product that they sell to cops. Ergo hurting the ability of the cops to do the thing

Sign in to participate in the conversation
Pixietown

Smol server part of the pixie.town infrastructure. Registration is approval-based, and will probably only accept people I know elsewhere or with good motivation.