Ninety-odd days ago, the US Bureau of Industry and Security (BIS) added Huawei and 68 of its affiliates to its “Entity List.” BIS added another 46 Huawei affiliates last week (collectively, “Huawei”), thereby making it illegal for US individuals and entities to disclose certain technology and software to Huawei and such blacklisted affiliates without a license. At the same time, it tempered the blow by issuing a Temporary General License that, among other things, allowed US entities to continue to participate with Huawei to develop 5G standards.
For all other standards, Huawei’s continued participation would be legal only to the extent a given standards setting organization (SSO) either applied for, and received, a license from the BIS, or could credibly analogize its processes to an exception recognized under existing Export Administration Regulations (EAR). The closest exceptions are disclosures at public conferences and in connection with coauthoring journal articles. Ever since, SSOs counting Huawei as a member have been scrambling, trying to figure out what they can and cannot allow Huawei to do.
On Monday of this week, three things happened that provided some answers. But almost all the answers were bad.
The vast majority of free and open source (FOSS) projects today operate on a license in/license out basis. In other words, each contributor to a code base continues to own her code while committing to provide a license to anyone that wants to download that code. Of course, no developer ever actually signs a downstream license. Instead, all contributors to a given project agree on the OSI (Open Source Initiative) approved license they want to use, and those terms stand as an open promise to all downstream users.
But is that really the best way to operate? What about the minority of projects that require contributors to assign ownership of their code to the project? They clearly think assignment is a better way to go. Are they right?
Free and open source software (FOSS) development has for many years enjoyed an increasingly positive public image. Particularly in the last several years, it’s become recognized as the foundation upon which most of the modern computing world rests. FOSS proponents include many governments, too, including many in Europe and the European Commission itself.
That’s all good and quite appropriate, but it’s worth keeping in mind that FOSS involves the conscious agreement of head-to-head competitors to work towards a common result – something that would otherwise normally be a red flag to antitrust regulators in the US, competition authorities in Europe, and to many of their peers throughout the world. To date, those regulators do not seem to have expressed any concerns over FOSS development generally. But that can change.
Not long ago, the Linux community celebrated the twenty-fifth anniversary of Linus Torvalds’ famous Internet post, and thus its birth. While Linux was not the first open source project (Richard Stallman announced his GNU Project eight years before), it soon became the poster child of a new way of collaborative development that changed not only how technology is created, but many other aspects of the world as well. Today, most critical software platforms and architectures are open source, and virtually all proprietary software is riddled with free and open source software (FOSS) as well.
So, what could go wrong? Well, a lot, actually, unless we pause to think about where the potholes may emerge in the future, and how we can successfully navigate our way around them. That’s what I plan to do in a series of articles to which this is the introduction.
Since May 16, 2019, standards setting organizations (SSOs) with Huawei or any of 68 named Huawei affiliates as a member have been in turmoil. That was the day the Bureau of Industry and Security (BIS) of the Department of Commerce put Huawei and those affiliates (collectively, “Huawei,” for convenience) on its “Entity List,” thereby subjecting any US person or entity that exports or otherwise discloses certain non-public technical information, software and materials to Huawei to penalties under the Export Administration Regulations (EAR). These penalties can potentially exceed $1 million and include imprisonment.
Yesterday, 26 SSOs, including many of the most important standards developers in the world, came together to deliver a letter to the US Department of Commerce. That letter stresses the essential role that standards play in the modern world, and requests that the Department make “a clear statement that development of open enrollment, consensus-based standards or technical specifications as conducted by consortia” is exempt from the restrictions under the EAR that have led to the concern. The full text of that letter, and the signatories, appear at the end of this blog entry, and can also be found here.
Once upon a time we lived in a society that was not only completely analog but infinitely simpler. A time when it seemed the physical world could be understood and described, perhaps even tamed, purely through the application of rational thought. Contemporaries dubbed that era the Age of Enlightenment and looked forward to the wonders that this brave new world would bring. This week, one of the last icons of that heady time was dethroned and retired to a museum in Paris.
I am speaking, of course, about the kilogram, the last of the seven International System of Units measures to be represented by a physical object rather than an “invariant constant of nature.” But where did it come from? And why, after two hundred twenty years, has it been replaced?
Everything changes over time, from the constitutions of nations to political theories. Should the Open Source Software Definition be any different?
Earlier this week the Board of Directors of the Open Source Initiative issued an Affirmation of the Open Source Definition, inviting others to endorse the same position. The stated purpose of the release was to underline the importance of maintaining the open source software (OSS) definition in response to what the directors see as efforts to “undermine the integrity of open source.” Certainly, that definition has stood the test of time, and OSI has ably served as the faithful custodian of the definition of what can and cannot be referred to as OSS.
That said, while well-intentioned, the statement goes too far. It also suggests that the directors would do well to reflect on what their true role as custodians of the OSS definition should be.
Yesterday, Microsoft announced it was pledging 60,000 patents under the Open Invention Network (OIN) license. While the move was historic, it was not surprising. Instead, it marks a logical culmination of a path the software giant tentatively embarked on as much as a decade ago. That evolution gained significant momentum with the departure of Steve Ballmer, and accelerated yet again as the success of the Linux distributed development model was replicated across more and more projects, covering technologies as varied as cloud computing, virtualization, and blockchains.
On the surface, the significance of Microsoft's joining OIN lies with its agreeing to the terms of the OIN license. But in joining OIN, Microsoft may in fact be acknowledging the power of a far older social force: the community taboo.
Almost nothing inspires a spirited discussion among the open source faithful as much as introducing a new open source license, or a major change in an existing license’s terms. In the case of version 3 of the GPL, the update process took years and involved dozens of lawyers in addition to community members. So, it’s no surprise that the pot is already boiling over something called the “Commons Clause.” How energetically? Well, one blog entry posted yesterday was titled The Commons Clause Will Destroy Open Source. The spark that turned up the heat was the announcement the same day by RedisLabs that it was adopting the license language.
The wire services lit up yesterday with news that six of the largest tech companies in the world had issued a statement in support of interoperability in healthcare at a developer conference. It’s a righteous goal, to be sure. In an interoperable healthcare world, anyone’s entire, life-long health record could be accessed anywhere, anytime, by anyone who was giving you care, from your primary physician to an emergency responder. Such a virtuous goal, in fact, that everyone, including the US government, has been trying to achieve it – without success – for over a decade. Will yesterday’s news bring us any closer to that goal?