What threshold for enforceability do we want to consider when suggesting an ethical license? about ethicalsource.dev HOT 10 OPEN

@zspencer Enforceability is one of the most important questions that those of us in the Ethical Source movement must be able to address. If we cannot, we will seem like a complete joke, and will deserve it. We can and must answer the hard, reasonable questions like, "but how do you prevent people from violating an Ethical Source license?"

It's not like there are no answers to these questions. "No license is magically self-enforcing, so let's not pretend that ES licenses have any problem here that GPL and others do not" is a solid one, especially when the questioner sees no problems with these other licenses simply because they are more familiar, not because they are better or more enforceable. Another good response: "no one is saying that licenses directly prevent physical harm -- they won't stop bullets -- but by creating legal risk for human rights abusers, many of them will decide they should build all their software from scratch rather than building on top of the commons, thus slowing down their rate of progress and, with it, their ability to do harm".

If you are personally not interested in trying to solve certain aspects of the problem(s) that ES is trying to solve, no problem! But going out of your way to actively discourage the rest of us from answering the hard questions is frankly a strategic blunder we cannot afford.

We mustn't conflate our personal preferences and intellectual interests with the work that objectively needs to be done.

I hereby actively encourage all of my fellow Ethical Source enthusiasts to take everyone's objections seriously. Many objections have been and will continue to be misguided. But the effective response to this is to point out precisely what is misguided or factually incorrect about such objections, or to respond with a compelling answer, not to pretend those objections don't exist just so we can pretend that the task before us is easier than it truly is.

from ethicalsource.dev.

That said, I am curious if the broader ethical source and open source community believes we should prioritize enforcement at such an early stage?

This sort of issue comes up in certain ways in the open source universe as well. For example, when licenses have been submitted for approval by the OSI, some people raise objections based on enforceability. To me, concerns about enforceability (I think of that as somewhat different from 'enforcement' though it's closely related) should not be a primary reason to treat, or not treat, a license as open source. My view is that you should assume the license is enforceable and assess whether it qualifies as open source based on that assumption, and based on the philosophical/policy criteria one applies to that question. One reason is that (generally speaking) you can't really know whether a license will be enforceable in an arbitrary jurisdiction at a given time. People used to argue that commonly-used open source licenses were not enforceable (I would say this really only went away in the mid-2000s).

from ethicalsource.dev.

"no one is saying that licenses directly prevent physical harm -- they won't stop bullets -- but by creating legal risk for human rights abusers, many of them will decide they should build all their software from scratch rather than building on top of the commons, thus slowing down their rate of progress and, with it, their ability to do harm".

Right. I think it's important to distinguish compliance from enforcement. There are certain actors who will never comply with license terms. The ES license will not stop terrorists from using our projects for evil, for example. Their compliance is out of our hands. But there are a lot (IMO, most) of companies, like, say, Palantir who are very careful about compliance. These companies are the primary targets of ES licensing.

But for a license to be more than a few words on a page then it will have to be enforceable in a court. You'll never be able to answer that question completely until someone takes an ES license into a courtroom. However, you can get legal help to make a "best-guess", which is what we've been doing.

from ethicalsource.dev.

The criteria is probably in need of workshopping, but does it feel like a good direction?

It's a very interesting approach but I feel it may not be entirely workable in practice. I could imagine some group getting a lawyer to give an opinion on one or more licenses, and that might have some limited meaning but it would be affected by bias (e.g. if the lawyer is acting for the organization behind the license). The reality around this stuff (trying to think about it in the license worlds I'm more familiar with ... say, open source licenses and open-ish content licenses) is that it's a lot fuzzier and more uncertain than these categories might suggest. The history of open source licenses also shows that legal professionals may exaggerate the prospect of unenforceability when a license or licensing paradigm is relatively new.

from ethicalsource.dev.

If you want enforceability, ensure whatever framework you use has international law backing it. None of the frameworks you used can be enforced. A good lawyer could get around it easy. Additionally, you need to be cautioning people to NOT relicense unless they have consent from ALL contributors, if one objects, you can't do it. You basically have dual license where the old contributions remain under the old license, and the new ones under whatever Ethical Source license is used. This is where vcr ran into problems.

from ethicalsource.dev.

one legal professional has made a public, positive assertion about the enforceability

FWIW, people don't do that (which I think would constitute probably "giving legal advice") for free. Maybe I think I'd just like to see an indicator that license has been reviewed by a (named, not anonymous) lawyer or legal firm. We can have an additional indicator for being tested in court, but as Richard said, that took decades even for the GPL. So not a super useful indicator IMO.

from ethicalsource.dev.

@robbyoconnor, can you provide links to resources that we can use to ensure compliance with international law when we review licenses? Keep in mind, we are volunteers with an annual operating budget of $275. As such, we would prefer those resources are permissively licensed for re-use or include pro-bono counsel for the working group.

This further reinforces my assertion that the responsibility for enforceability should fall with license authors. For example, the Hippocratic License has an existing issue for discussing how to make it more enforceable; which is likely the best place to provide specific critiques of that particular licenses' enforceability; and a legal team providing pro-bono counsel that allowed it to rapidly evolve to a 2.0 thanks to community feedback.

Regarding VCR; I agree that the relicensing process could have been handled better. In particular, I believe that the discussion between Richard and the VCR maintainers could have been done in a way that did not include band-wagoning and dog-piling from the broader open-source community. I also believe that it's the ethical source working groups responsibility to catalog the lessons learned and have a draft guide for adopting an ethical license. That said, I do not believe a small misstep justifies dissuading further adoption as we work towards learning what mechanisms we have to effectively and safely ensure that the freedom licensees have to swing our source code does not extend to the abuse of others.

Regarding discouraging adoption: This appears to be at odds with the argument that the OSI and FSF should primarily approve licenses already in popular use in order to reduce proliferation. I do not have any wisdom to share there, and I am curious how you (or other readers) would suggest we reconcile that difference?

from ethicalsource.dev.

Thank you @richardfontana, @nateberkopec , and @elimisteve for your thoughts. I want to take a moment to reflect back what I heard and reframe a position that is more aligned with the group's perspectives.

1. Enforceability is critical; however, it is difficult to test realistically without court cases; and will remain a topic of discussion and contention on a license-by-license basis until any given ethical license gets its day in court.

2. Enforceability is distinct from enforcement and compliance. I.e., bad actors will continue to evade the licensing clauses, and we have a limited ability to respond to such actors due to the socioeconomic resources we can bring to bear to protect a particular project's intellectual property.

How does the following straw example sound?

We indicate enforceability of a given ethical license with a clear visual indicator. Perhaps something like red, orange, yellow, green, and blue to indicate the degree of rigor applied when evaluating the enforceability for the particular license:

• 🔴 zero formal legal reviews. We recommend usage only in hobby or side-projects.
• 🟠 one legal professional has made a public, positive assertion about the enforceability of a given license within a particular legal context?
• 💛 indicates that while there is contention about enforceability in the details (perhaps international law is fuzzy, or particular items do not appear enforceable), but the general framework looks sound from two or more legal professionals' perspectives?
• 💚 indicates that there is a significant consensus on the ability for the license to be considered binding in at least one legal context?
• 💙 The license has been tested in court and has been found to be enforceable OR there is broad agreement that the license is enforceable?

The criteria is probably in need of workshopping, but does it feel like a good direction?

from ethicalsource.dev.

Thank you, @richardfontana and @nateberkopec!

It sounds like the left side (we provide indicators on a per-license basis) is relatively non-controversial while the exact criteria is.

I think it's safe to move forward with the "let's use red/yellow/green indicators, but instead of these indicators representing clear criteria we provide a summary of why we think the indicator is appropriate for a given ethical source license."

Is the following a list of reasonable considerations to make when writing these summaries?

1. Attribution of legal professionals who contributed to the license
2. Distribution and age of license
3. Precedent (if any) set in similar documents (i.e. terms of use, proprietary licenses, etc.)
4. Precedent of enforcement in a court of law

What evaluation criteria is missing? What is extraneous?

Zee

from ethicalsource.dev.

Is the following a list of reasonable considerations to make when writing these summaries?

I think so.

1. Attribution of legal professionals who contributed to the license

Maybe not "attribution" (depending on what you mean by that), but useful to know that a legal professional helped with the license. Similar to how OSI asks new license approval submissions to say whether a lawyer was involved in drafting the license.

2. Distribution and age of license

I assume "distribution" means how widely used/adopted the license is (number and diversity of projects, etc.). These two would be very useful because the more widely adopted a license is (and the longer it's been in existence), the less force criticisms along the lines of "this is untested" are (a widely adopted license creates its own legal reality).

3. Precedent (if any) set in similar documents (i.e. terms of use, proprietary licenses, etc.)

If this just means "this license is based on {some other legal instrument}" that is probably somewhat helpful to know (although it could also be misleading I guess). E.g., it is useful to know that the Hippocratic License is based in part on the MIT license, or that the Atmosphere licenses are based on GPLv3/AGPLv3, but I'm not sure how useful it is given that there may be significant differences.

4. Precedent of enforcement in a court of law

This is certainly treated as significant in discussions of traditional FOSS/open-style licenses, e.g. whenever there's a court decision applying the GPL or a Creative Commons license it tends to be seen as a big deal. Might be better to word this as something like "A court has interpreted and applied the provisions of the license", not sure if "enforcement" is the right term.

from ethicalsource.dev.