A Senior Microsoft Attorney Looks at Open-Source Licensing
The Open Source movement has yet another fan: Robert W. Gomulkiewicz, a senior corporate attorney for Microsoft Corporation and, not coincidentally, the Business Software Alliance's top gun for the proposed UCITA reforms to commercial software licensing law.
Writing in the Houston Law Review, Gomulkiewicz (1999) argues that open-source licenses typically contain precisely the UCITA provisions that are giving fits to consumer advocates, such as the denial of any legal recourse should a consumer suffer loss, harm, or injury through use of the software. What's more, he argues, the Open Source movement's history and recent success show why the UCITA's protections are needed. When somebody like Gomulkiewicz expresses admiration for what you're doing, it's time to stop for some serious reflection. After all, this is tantamount to Darth Vader publishing an essay that praises the way the Rebellion is headed.
I'll fill in the background of what follows, but here's the main point. As Gomulkiewicz himself observes, the open-source initiative finds it expedient to downplay the "anti-commercial baggage" and "confrontational attitude" of the Free Software Foundation in general (and Richard Stallman in particular). But there's a risk. As Gomulkiewicz's work shows, this strategy can backfire by playing right into the hands of people and corporations who oppose everything our community stands for. In the end, open-source software isn't going to make sense to outsiders unless our principles are made clear from the get-go. If you're skeptical, read on; I hope you'll see why.
As you're probably aware, there's something of a split between the Free Software Foundation (FSF) and the Open Source Initiative (OSI). To trivialize a rather complex situation, the split mainly boils down to a disagreement over tactics, not principles. FSF founder Richard M. Stallman (RMS) emphasizes the principles, specifically the Software User's Bill of Rights, which I'll discuss a bit later. In contrast, OSI plays down the principles in hopes of making free software enterprises more appealing to businesses and investors. In this, OSI has succeeded quite brilliantly, as the recent wave of Linux-related initial public stock offerings demonstrates.
Does OSI really play down the principles? Take it from OSI advocate Eric Raymond. Basically, the answer is "yes". Raymond is quick to point out, though, that OSI has "never condemned RSM's principles... the real disagreement between OSI and FSF is not over principles. It's over tactics and rhetoric." And what are the gains? According to Raymond, tremendous progress: "The same press that used to dismiss `free software' as a crackpot idea now falls over itself writing laudatory articles... And the same corporate titans who dismissed RMS as a `communist' are lining up to pour money and effort into open-source development." Without disagreeing with the FSF's principles, Raymond argues, the community should reject Stallman's confrontational rhetoric. "That kind of language," Raymond concludes, "simply does not persuade anyone but us. In fact, it confuses and repels most people outside our culture... as an evangelist to the mainstream, [Stallman] has been one fifteen-year-long continuous disaster" (Raymond, "Shut Up and Show Them the Code", dated 28 June 1999).
Is Raymond right? It's quite possible that rhetorical style has had very little to do with the success of the Open Source movement. Stallman's fifteen years of putative rhetorical "disaster" were accompanied by fifteen years of arduous coding, after all. But his efforts focused on utilities, so the project didn't bear fruit until a viable, GPL-licensed kernel came along. From this view, it was the Linux kernel, not rhetoric (good, bad or otherwise), that got the ball rolling. But let's leave that aside. My question is this: What are the risks of downplaying our principles? Let's take a look at Gomulkiewicz's argument.
If you take Gomulkiewicz's article at face value, you would think he's a kindly and caring advocate for open-source software authors. Praising open-source authors for their daring, innovative new products, Gomulkiewicz notes that these brave, pioneering programmers could be put out of business for good by a lawsuit, or even the threat of a lawsuit. And that's why, he argues, that open-source licenses typically incorporate take-it-or-leave-it licensing in which the user legally assents by clicking "I agree" or by using the software; outright denial of any form of warranty protection for users; and a shift to the user of any and all liabilities for product failure as well as intellectual property infringement. These are among the provisions of UCITA that alarm consumer advocates, Gomulkiewicz notes, but open-source authors need them--and by extension, the whole industry needs them.
Shorn of free-software principles, the OSI literature provides fertile ground for Gomulkiewicz's argument. For example, open-source licenses can be made to read like a page out of UCITA. And, in Gomulkiewicz's hands, open-source advocates start sounding like they'd willingly testify on behalf of the proposed legislation. Erstwhile OSI advocate Bruce Perens is cited approvingly: "If free software authors lose the right to disclaim all warranties and find themselves getting sued over the performance of the programs that they've written, they'll stop contributing free software to the world." So it's obvious, Gomulkiewicz concludes, that we need a "contract law regime that allows revolutionaries like the open source hackers to succeed". And why shouldn't Microsoft get the same, needed protection?
Gomulkiewicz's argument is utterly without merit, of course, but an outsider wouldn't be able to figure out why, and that's dangerous. Here's the rebuttal. Sure, open-source licenses disclaim liability. And sure, open-source authors can't handle lawsuits. But there's a world of difference between a disclaimer of responsibility from an open-source author and a similar disclaimer made by a corporation that's trying to shove closed-source software down your throat.
Why? It's all in the nature of the deal. With open-source software, you don't need warranty protection (and indeed, it would arguably be bad faith to demand it) because you are, in principle, walking into the deal with your eyes wide open. You know what you're getting, and if you don't, you can find someone who does. Open-source licenses enable the community of users to inspect the code for flaws and to trade knowledge about such flaws, which they most assuredly do. Such licenses allow users to create derivative versions of the code that repair potentially hazardous problems the author couldn't foresee. They let users determine whether the program contains adequate safeguards against safety or security risks. In contrast, the wealthy software firms pushing UCITA are asking us to buy closed-source code that may well contain flaws, and even outright hazards attributable to corporate negligence--but they won't let us see the code, let alone modify it. You don't know what you're getting. And that's why it's not worth giving up your right to sue the bastards, if they've been negligent and stuck you with something that hurts or kills somebody.
Here's the difference, in a nutshell. Suppose you're about to get on an airplane. A nice-looking young man hands you a carry-on bag and says, "Would you please take this with you? My wife forgot it." And then, he's gone. Uh-oh, no warranty. Does the bag contain a bomb, or is it just swimsuits and underwear? If the package is wide open when he hands it to you, you're free to see what's inside ("Yup, it's just clothes.") Of course, you still shouldn't take it on the plane (who knows; perhaps some terrorist somewhere has figured out how to make explosive underwear) but you get my point: When the package is open, you're not just a powerless pawn. But what if the package is wrapped up tight, and you're told you could be sued or jailed if you tried to see what's inside? That's the deal you get from UCITA.
In sum: even without warranties, free software is a good deal because you're free to determine just what you're risking. It's not just because the package is open; it's because the openness gives you freedom. Unless you talk about freedom, you can't understand free software, and you can't correctly interpret the provisions of free-software licenses.
What's so horrible about talking about giving users freedom? Here's the "confrontational", seditious language that OSI wants to suppress (from the GNU Project's home page):
Free software" refers to the users' freedom to run, copy, distribute, study, change, and improve the software. More precisely, it refers to four kinds of freedoms for users of software:
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1).
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to improve the program and release your improvements to the public, so that the whole community benefits (freedom 3).
And that, my friends, is what it's all about.
By keeping quiet about our principles, we're handing the likes of Gomulkiewicz the tools they need to further their aims, which are most decidedly not those of the Free Software movement or the Open Source software movement. And if you think this doesn't matter, think again. UCITA proponents will use Gomulkiewicz's argument in their effort to convince legislators to adopt UCITA's provisions--and we're all going to have to live with them.
What do you get when you bring principles back in the picture? Try this: contrary to your argument, Mr. Gomulkiewicz, the examples you discuss disclose all too clearly why the authors of closed-source, commercial programs should be held liable for program defects--unless, of course, your clients are willing to give users the countervailing freedoms that make GPL-licensed software an acceptable deal.
Gomulkiewicz, Robert W. "How Copyleft Uses License Rights to Succeed in the Open Source Software Revolution and the Implications for Article 2B", Houston Law Review, 1999, 36 (Spring 1999). Note that Gomulkiewicz expressly states that the views expressed in his article are his own, and not those of Microsoft Corporation or the Business Software Alliance.