Can developers dictate how their software is used?

The politics of Silicon Valley are colliding with customers and impacting innocent bystanders who put their trust in open source software.


The political leanings of Silicon Valley are no secret, a strange brew considering Silicon Valley resembles the era of the robber barons like JD Rockefeller and JP Morgan. Rampant capitalism making instant billionaires has thus far co-existed with rabid supporters of Sen. Bernie Sanders, who has said billionaires should not exist.

But lately, the progressive attitudes of the Valley and tech industry in general are coming into conflict, with the loudest recent incident coming last September when a software engineer pulled a personal project down from GitHub after he learned it was being used by U.S. Immigration and Customs Enforcement (ICE).

The developer, Seth Vargo, cited ICE's "inhumane treatment, denial of basic human rights, and detaining children in cages" as the reason for taking down his project, known as Chef Sugar, a Ruby library for simplifying the use of Chef, a platform for server configuration management. Vargo developed the library while he worked at Chef, and the library was later integrated into Chef's platform.

The company restored it to the service, with Chef CEO Barry Crist noting the removal of the software had impacted “production systems for a number of our customers.” Crist went on to say he did not think it was appropriate, practical, or within Chef’s mission to decide which U.S. agencies it should or should not do business with. 

The resulting blowback saw Microsoft, which owns GitHub, and GitHub itself under pressure not to work with the government. Microsoft employees also staged a revolt over the company’s work with the Department of Defense (DoD) over the military’s use of the HoloLens headset. Google employees have also revolted against their company bidding for the $10 billion DoD JEDI contract and forced it to drop out of the bidding.

Whose software is it anyway?

The issue comes down to software ownership vs. customer dependence. Stephen O’Grady, principal analyst with IT research firm Redmonk, notes there are two issues at play here: Do you have an obligation to your customers to support products in a predictable way? And can you deny the right to a particular product or products for a particular customer?

“The answer to the first question, in my opinion, is yes. Particularly for enterprise buyers, the assurance that investments made will be supported over time rather than unpredictably abandoned is huge. It’s part of the basis, in fact, for the old adage that you don’t get fired for buying IBM: the company has a reputation for standing behind the products it sells for long periods of time, making investments in them safe,” O’Grady said.

As for the second question, that’s more complicated, but he still says yes. “In general, companies try not to discriminate against certain types of buyers, both because it goes against the business interests of maximizing revenue, but also because it’s a difficult practice to manage both in terms of legal liability and the public relations appearance and precedent,” he added.

Shayne Sherman, CEO of TechLoris, a PC maintenance and repair site, says ultimately, it is the developer's prerogative to decide whether or not they want to keep their app on the market.

“It doesn't matter whether or not others have become invested or dependent on the program. Companies go under all the time and to expect that there should be consequences for no longer providing their services would be unrealistic. The same would be true if a developer deliberately chose to no longer offer their program,” he said.


He added that there is no moral obligation on the developer to continue to offer their program; however, there might be legal obligations. “If the developer sold the distribution rights, the developer might no longer have a say in whether or not they can close an app. Open source would suggest the app is not under such legal obligations. The main issue would likely be if others had access to the original source code for the app, meaning someone else could potentially redistribute this app without legal repercussions,” he said.

Akshay “Ax” Sharma, a security researcher at Sonatype and , said things depend on the license used. “Once you release under a copyleft license, you have already released partial rights to work. How do you take it back? [Essentially,] you forfeit your own right to say I want it back once I released it under an open-source license,” he said.

Copyleft licenses, used in many open-source licenses, are meant to be freer and more permissive than standard copyrights. Those who download the software are within their rights to modify and release their own version so long as they make the code available and include the copyleft license with the code.

Vargo’s move “essentially makes [copyleft] no different from copyright. One of the criticisms of copyright was content creators get to control the culture,” he said. “When I read these articles, it was like, ok you partially waived your right to your work, and then you did not like how that work was used, so you want to reclaim that right even though you’ve already waived it.”


Potential blowback for open source?

The question then becomes what does this do for open-source software’s image. This type of activity is unthinkable coming from Microsoft, Oracle or SAP, but will enterprises be reluctant to use a product from a small development house if the developer gets woke?

Rick Stafford, professor of public policy at Carnegie Mellon University's Heinz College, said he understands the ethical dilemma for a developer to want their product to be used and then it gets used in a way they don’t agree with. But what if a new administration comes along and uses the product in a way you agree with?

“If you set the precedent that it can be withdrawn and disrupted, the next administration might say I’m not going to use that again. I’m gonna go elsewhere because I’m not going to go back to the people who withdrew the code. There is too much risk there,” he said.

“You could in essence blackmail people,” he added. “That’s the problem with this. It flies in the face of what open source was supposed to be about. It’s like making a promise. Open source is saying OK you can use this, then say you can’t? Open source is a promise in a sense.”

Stafford said he believes the industry has to work it out on its own because otherwise it falls to the government for a legislative solution, and we all know how that usually goes. Poorly. “If there is to be a law, the industry should play the first role and say let’s work this out among ourselves. We’re not going to get elected officials to figure this all out,” he said.

O’Grady said it can raise questions, certainly, but doesn’t believe it’s a systemic concern for buyers at present. “It’s at least in theory of no greater concern than for proprietary software, because once the code has been published under an open-source license, it can be legally used according to the terms of that license in perpetuity,” he said.

Sharma has discussed the Chef incident with peers and said the reaction was “very polarized” and it came down to personal ethics and morals. “Some colleagues said this is open-source software, why is he pulling back, but others said they don’t like the purpose it was used for. Most sided with the developer, but I also saw the backlash about how this impacts open source in general,” he said.

So for now, it seems there is no negative reaction to Vargo’s actions, but if it happens a few more times the mood could turn negative, and trust is not easily regained.