Is your open source code being used for good or evil?
| Resource information | Details |
|---|---|
| Resource title | Wikipedia Article on the Organization for Ethical Source |
| Authors | Various |
| Website | https://en.wikipedia.org/wiki/Organization_for_Ethical_Source |
First, it has to be said that various software licenses aiming to restrict the use of the source code in one way or another typically fail to meet one or more of the criteria necessary to be considered truly open-source. Well known examples are Server-Side Public License (SSPL), Elastic License 2.0 (ELv2), Business Source License (BSL) and Microsoft Shared Source.
Nonetheless, because such licenses mean the source code is available for all to see, access and modify themselves, they are often confused with open-source. A technically more accurate designation for this brand of license commonly used in the industry is source-available. While source-available licensing is a relatively recent trend in the industry, some commonly recognized major projects utilize them including Elastic Search, MongoDB, Confluent and GitLab Enterprise Edition.
A new kind of source-available license based on ethical use considerations has begun to emerge as well. This brand of licensing is referred to as ethical source and aims to restrict the use of software to ethical purposes. Are developers of the software ok if it is used, for example, in creation of deepfake imagery or video, in human gene editing or cloning, in the blanket surveillance of whole populations of people, in a weapon of mass destruction?
Some recent and prominent examples of members of the open-source software community raising ethical concerns over the use of their software include Elastic Search, TensorFlow and Dual_EC_DRBG. By contrast, of the approximately 8,500 packages in Spack, only one proclaims an ethical-source license.
To put ethical-source licenses in perspective, it is worth considering if and how use restrictions have been enacted and enforced for other kinds of software. Good examples are encryption and obfuscation software such as Pretty Good Privacy (PGP) and The Onion Router (Tor) network. While there have been attempts by various governments to restrict these products--regardless of whether you think such attempts are legitimate or not--none have been successful. Consequently these technologies are routinely used both by criminals and terrorists and by law abiding citizens and whistleblowers.
For example, when PGP was originally released as a ~1000 page printed book titled "PGP Source Code and Internals", the author understood it was deemed a munition by US export control laws and was subsequently sued by the US Government. But, by releasing the software in book form, the author successfully argued in court that the release was protected free speech.
When whole governments with all of their power and resources are unable to control distribution of software that can be used to thwart that very same government's security apparatus, its hard to believe the software community will in and of itself be successful in restricting the use of open source to ethical purposes. On the other hand, that doesn't mean members of the community should be discouraged from at least trying.
Where ethical source licenses will ultimately lead is hard to say. In all likelihood, the most useful part of the Wikipedia article curated here is the long list of references there showing the community's dialog, both for and against, on this topic.
