Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2020/01/06/copyleft-equality.html
[ This blog post was also crossposted to my blog at Software
Freedom Conservancy. I hope you
will donate
now before
the challenge match period ends so that you can support work like this
that I’m doing at my day job. ]
I would not have imagined even two years ago that expansion of copyleft
would become such an issue of interest in software freedom licensing.
Historically and for good reason, addition of new forms of copyleft clauses
has moved at a steady pace. The early 2000s brought network
services clauses (such as that in the Affero GPL), which hinged primarily
on requiring provision of source to network-remote users. Affero GPL implemented this via
copyright-controlled permission of modification. These licenses began as
experiments, and were not approved by some license certification
authorities until many years later.
Even with the copyleft community’s careful and considered growth, there
have been surprising unintended consequences of copyleft licenses. The
specific outcome of proprietary relicensing has spread widely and — for
stronger copyleft licenses like Affero GPL — has become the more
common usage of the license.
As the popularity of Open Source has grown, companies have searched for
methods to combine traditional proprietary licensing business models with
FOSS offerings. Proprietary relicensing, originally
pioneered by MySQL AB (now part of Oracle by way of Sun),
uses software freedom licenses to compel purchase of proprietary licenses
for the same codebase. Companies accomplish this by ensuring they collect
all copyright control of a particular codebase, thus being its sole
licensor, and offer the FOSS licenses as a loss-leader (often zero-cost) product.
Non-commercial users generally are ignored, and commercial users often
operate in fear of captious interpretations of the copyleft
license. The remedy for their fear is a purchase of a separate proprietary
license for the same codebase from the provider. Proprietary relicensing
seems to have been the first mixed FOSS/proprietary business model in history.
The toxicity of this business model has only become apparent in hindsight.
Initially, companies engaging in this business model did so somewhat
benignly — often offering proprietary licenses only to customers who sought to combine the
product with other proprietary software, or as supplemental income along with other
consulting businesses. This business model (for some codebases), however,
became so lucrative that some companies eventually focused exclusively on it. As a result, aggressive copyleft license overreading and inappropriate,
unprincipled enforcement typically came from such companies. For most, the
business model likely reached its crescendo when MongoDB began using the
Affero GPL for this purpose. I was personally told by large companies at the
time (late 2000s into early 2010s) that they’d listed Affero GPL as “Never Allowed Here”
specifically because of shake-downs from MongoDB.
Copyleft itself is not a moral philosophy; rather, copyleft is a strategy
that software freedom activists constructed to advance a particular set of
policy goals. Specifically, software copyleft was designed to ensure that all users received complete, corresponding source
for all binaries, and that any modifications or improvements made anywhere
in the chain of custody of the software were available in source form to
downstream users. As orginially postulated, copyleft was a simple strategy to disarm
proprietarization as an anti-software-freedom tactic.
The Corruption of Copyleft
Copyleft is a tool to achieve software freedom. Any tool can be fashioned
into a weapon when wielded the wrong way. That’s
precisely what occurred with copyleft — and it happened early in
copyleft’s history, too. Before even the release of
GPLv2, Aladdin Ghostscript used a
copyleft via
a proprietary
relicensing model (which is sometimes confusingly called the “dual
licensing” model). This business model initially presented as
benign to software freedom activists; leaders declared the business model
“barely legitimate”, when it rose to popularity
through MySQL AB (later Sun, and later Oracle)’s proprietary relicensing of
the MySQL codebase.
In theory, proprietary relicensors would only offer the proprietary
license by popular demand to those who had some specific reason for wanting
to proprietarize the codebase —
a process that
has been called “selling exceptions”. In practice, however,
every company I’m aware of that sought to engage in “selling exceptions”
eventually found a more aggressive and lucrative tack.
This problem became clear to me in mid-2003 when MySQL AB
attempted to hire me as a consultant. I was financially in need of
supplementary income so I seriously considered taking the work, but the initial conference call felt surreal and convinced me that
MySQL AB was engaging in problematic behavior . Specifically,
their goal was to develop scare tactics regarding the GPLv2. I never followed up, and I am glad I never made
the error of accepting any job or consulting gig when companies (not just MySQL AB, but also Black Duck and others)
attempted to recruit me to serve as part of their fear-tactics marketing departments.
Most proprietary relicensing businesses work as follows: a
single codebase is produced by a for-profit company, which retains 100%
control over all copyright in the software (either via
an ©AA or a CLA). That codebase is offered as a gratis product to the
marketplace, and the company invests substantial resources in marketing the
software to users looking for FOSS solutions. The marketing department
then engages in captious and unprincipled
copyleft enforcement actions in an effort to “convert”
those FOSS users into paying customers for proprietary licensing for the
same codebase. (Occasionally, the company also offers additional
proprietary add-ons, improvements, or security updates that are not
available under the FOSS license — when used this way, the model is
often specifically called “Open Core”.)
Why We Must End The Proprietary Relicensing Exploitation of Copyleft
This business model has a toxic effect on copyleft at every level. Users don’t enjoy their software freedom under an assurance that a large
community of contributors and users have all been bound to each other under the same,
strong, and freedom-ensuring license. Instead, they dread the vendor
finding a minor copyleft violation and blowing it out of proportion. The
vendor offers no remedy (such as repairing the violation and promise of
ongoing compliance) other than purchase of a proprietary license.
Industry-wide. I have observed to my chagrin that the
copyleft license that I helped create and once loved, the Affero GPL, was
seen for a decade as inherently toxic because its most common use was by
companies who engaged in these seedy practices. You’ve probably seen me
and other software freedom activists speak out on this issue, in our
ongoing efforts to clarify that the intent of the Affero GPL
was not to create these sorts of corporate code silos that vendors
constructed as copyleft-fueled traps for the unwary. Meanwhile, proprietary relicensing discourages contributions from
a broad community, since any contributor must sign a CLA giving special powers
to the vendor to continue the business model. Neither users nor co-developers benefit from copyleft protection.
The Onslaught of Unreasonable Copyleft
Meanwhile, and somewhat ironically, the success of Conservancy’s and the
FSF’s efforts to counter this messaging about the Affero GPL has created an
unintended consequence: efforts to draft even more restrictive
software copyleft licenses that can more easily implement the
proprietary relicensing business models. We have partially succeeded in
convincing users that compliance with Affero GPL is straightforward, and in the
backchannels we’ve aided users who were under attack from these proprietary
relicensors like MongoDB. In response, these vendors have responded with a forceful
political blow: their own efforts to redefine the future of copyleft, under
the guise of advancing software freedom. MongoDB even cast itself as a “victim”
against Amazon, because Amazon decided to reimplement their codebase from scratch (as proprietary software!)
rather than use the AGPL’d version of MongoDB.
These efforts began in earnest late last year when (against the advice of the
license steward)
MongoDB
forked the Affero GPL to create the SS Public License. I, with the support of
Conservancy, rose
in opposition of MongoDB’s approach, pointing out that MongoDB would not
itself agree to its own license (since MongoDB’s CLA would free it from the SS Public License terms). If an entity does
not gladly bind itself by its own copyleft license
(for example, by accepting third-party contributions to its codebases under
that license), we should not treat that entity as a legitimate license
steward, nor treat that license as a legitimate FOSS license. We should
not and cannot focus single-mindedly on interpretation of the
formalistic definitions when we recommend FOSS licensing policy. The message
of “technically it’s a FOSS license, but don’t use” is too complicated to be meaningful.
A Copyleft Clause To Restore Equality
My friend and colleague, Richard Fontana, and I are known for
our very public and sometimes heated debates on all manner of software
freedom policy. We don’t always agree on key issues, but I greatly respect
Fontana for his careful thought and his inventive solutions. Indeed,
Fontana first formulated “inbound=outbound” into that
simple phrasing to more easily explain how the lopsided rights and
permissions exchanges through CLAs actually create bad FOSS policy like
proprietary relicensing. In the copyleft-next project that Fontana began,
he further proposed
this innovative
copyleft clause that could, when Incorporated in a copyleft license,
prevent proprietary licensing before it even starts! The clause still needs work, but Fontana’s basic idea is revolutionary for copyleft drafting. The essence in non-legalese is
this: If you offer a license that isn’t a copyleft license, the copyleft
provisions collapse and the software is now available to all under a
non-copyleft, hyper-permissive FOSS license.
This solution is ingenious in the way that copyleft itself was an
ingenious way to use copyright to “reverse” the rights and
ensure software freedom. This provision doesn’t prohibit proprietary
relicensing per se, but instead simply deflates the power of copyleft
control when a copyright holder engages in proprietary relicensing
activities.
Given the near ubiquity of proprietary relicensing and the
promulgation of stricter copylefts by companies who seek to
engage (or help their clients engage) in such business models, I’ve come to
a stark policy conclusion: the community should reject any new copyleft
license without a clause that deflates the power of proprietary relicensing. Not only can we
incorporate such a clause into new licenses (such as copyleft-next), but Conservancy’s Executive Director,
Karen Sandler, came up with a basic approach to incorporating similar copyleft equality clauses into written exceptions for existing
copyleft licenses, such as the Affero GPL. I have received authorization to spend some of my Conservancy
time and the time of our lawyers on this endeavor, and we hope to publish more about it in the coming months.
We’ve finished the experiment. After thirty years of proprietary
relicensing, beginning with Aladdin and culminating with MongoDB and their
SS Public License, we now know that proprietary relicensing does not serve
or extend software freedom, and in most cases has the opposite effect. We
must now categorically reject it, and outright reject any new licenses that can be
used for it.