Tag Archives: open source

Endorsements

Transparency is essential to trusting a technology. Through transparency we can understand what we’re using and build trust. When we know what is actually going on, what processes are occurring and how it is made, we are able to decide whether interacting with it is something we actually want, and we’re able to trust it and use it with confidence.

This transparency could mean many things, though it most frequently refers to the technology itself: the code or, in the case of hardware, the designs. We could also apply it to the overall architecture of a system. We could think about the decision making, practices, and policies of whomever is designing and/or making the technology. These are all valuable in some of the same ways, including that they allow us to make a conscious choice about what we are supporting.

When we choose to use a piece of technology, we are supporting those who produce it. This could be because we are directly paying for it, however our support is not limited to direct financial contributions. In some cases this is because of things hidden within a technology: tracking mechanisms or backdoors that could allow companies or governments access to what we’re doing. When creating different types of files on a computer, these files can contain metadata that says what software was used to make it. This is an implicit endorsement, and you can also explicitly endorse a technology by talking about that or how you use it. In this, you have a right (not just a duty) to be aware of what you’re supporting. This includes, for example, organizational practices and whether a given company relies on abusive labor policies, indentured servitude, or slave labor.
Endorsements inspire others to choose a piece of technology. Most of my technology is something I investigate purely for functionality, and the pieces I investigate are based on what people I know use. The people I trust in these cases are more inclined than most to do this kind of research, to perform technical interrogations, and to be aware of what producers of technology are up to.

This is how technology spreads and becomes common or the standard choice. In one sense, we all have the responsibility (one I am shirking) to investigate our technologies before we choose them. However, we must acknowledge that not everyone has the resources for this – the time, the skills, the knowledge, and therein endorsements become even more important to recognize.

Those producing a technology have the responsibility of making all of these angles something one could investigate. Understanding cannot only be the realm of experts. It should not require an extensive background in research and investigative journalism to find out whether a company punishes employees who try to unionize or pay non-living wages. Instead, these must be easy activities to carry out. It should be standard for a company (or other technology producer) to be open and share with people using their technology what makes them function. It should be considered shameful and shady to not do so. Not only does this empower those making choices about what technologies to use, but it empowers others down the line, who rely on those choices. It also respects the people involved in the processes of making these technologies. By acknowledging their role in bringing our tools to life, we are respecting their labor. By holding companies accountable for their practices and policies, we are respecting their lives.

Free Software Activities – September 2020

I haven’t done one of these in a while, so let’s see how it goes.

Debian

The Community Team has been busy. We’re planning a sprint to work on a bigger writing project and have some tough discussions that need to happen.
I personally have only worked on one incident, but we’ve had a few others come in.
I’m attempting to step down from the Outreach team, which is more work than I thought it would be. I had a very complicated relationship with the Outreach team. When no one else was there to take on making sure we did GSoC and Outreachy, I stepped up. It wasn’t really what I wanted to be doing, but it’s important. I’m glad to have more time to focus on other things that feel more aligned with what I’m trying to work on right now.

GNOME

In addition to, you know, work, I joined the Code of Conduct Committee. Always a good time! Rosanna and I presented at GNOME Onboard Africa Virtual about the GNOME CoC. It was super fun!

Digital Autonomy

Karen and I did an interview on FLOSS Weekly with Doc Searls and Dan Lynch. Super fun! I’ve been doing some more writing, which I still hope to publish soon, and a lot of organization on it. I’m also in the process of investigating some funding, as there are a few things we’d like to do that come with price tags. Separately, I started working on a video to explain the Principles. I’m excited!

Misc

I started a call that meets every other week where we talk about Code of Conduct stuff. Good peeps. Into it.

busy busy

I’ve been working with Karen Sandler over the past few months on the first draft of the Declaration of Digital Autonomy. Feedback welcome, please be constructive. It’s a pretty big deal for me, and feels like the culmination of a lifetime of experiences and the start of something new.

We talked about it at GUADEC and HOPE. We don’t have any other talks scheduled yet, but are available for events, meetups, dinner parties, and b’nai mitzvahs.

Fire

The world is on fire.

I know many of you are either my parents friends or here for the free software thoughts, but rather than listen to me, I want you to listed to Black voices in these fields.

If you’re not Black, it’s your job to educate yourself on issues that affect Black people all over the world and the way systems are designed to benefit White Supremacy. It is our job to acknowledge that racism is a problem — whether it appears as White Supremacy, Colonialism, or something as seemingly banal as pay gaps.

We must make space for Black voices. We must make space for Black Women. We must make space for Black trans lives. We must do this in technology. We must build equity. We must listen.

I know I have a platform. It’s one I value highly because I’ve worked so hard for the past twelve years to build it against sexist attitudes in my field (and the world). However, it is time for me to use that platform for the voices of others.

Please pay attention to Black voices in tech and FOSS. Do not just expect them to explain diversity and inclusion, but go to them for their expertise. Pay them respectful salaries. Mentor Black youth and Black people who want to be involved. Volunteer or donate to groups like Black Girls Code, The Last Mile, and Resilient Coders.

If you’re looking for mentorship, especially around things like writing, speaking, community organizing, or getting your career going in open source, don’t hesitate to reach out to me. Mentorship can be a lasting relationship, or a brief exchange around a specific issue of event. If I can’t help you, I’ll try to connect you to someone who can.

We cannot build the techno-utopia unless everyone is involved.

Racism is a Free Software Issue

Racism is a free software issue. I gave a talk that touched on this at CopyLeft Conf 2019. I also talked a little bit about it at All Things Open 2019 and FOSDEM 2020 in my talk The Ethics Behind Your IoT. I know statistics, theory, and free software. I don’t know about race and racism nearly as well. I might make mistakes – I have made some and I will make more. Please, when I do, help me do better.

I want to look at a few particular technologies and think about how they reinforce systemic racism. Worded another way: how is technology racist? How does technology hurt Black Indigenous People of Color (BIPOC)? How does technology keep us racist? How does technology make it easier to be racist?

Breathalyzers

In the United States, Latinx folks are less likely to drink than white people and, overall, less likely to be arrested for DUIs3,4. However, they are more likely to be stopped by police while driving5,6.

Who is being stopped by police is up to the police and they pull over a disproportionate number of Latinx drivers. After someone is pulled over for suspected drunk driving, they are given a breathalyzer test. Breathalyzers are so easy to (un)intentionally mis-calibrate that they have been banned as valid evidence in multiple states. The biases of the police are not canceled out by the technology that should, in theory, let us know whether someone is actually drunk.

Facial Recognition

I could talk about for quite some time and, in fact, have. So have others. Google’s image recognition software recognized black people as gorillas – and to fix the issue it removed gorillas from it’s image-labeling technology.

Facial recognition software does a bad job at recognizing black people. In fact, it’s also terrible at identifying indigenous people and other people of color. (Incidentally, it’s also not great at recognizing women, but let’s not talk about that right now.)

As we use facial recognition technology for more things, from automated store checkouts (even more relevant in the socially distanced age of Covid-19), airport ticketing, phone unlocking, police identification, and a number of other things, it becomes a bigger problem that this software cannot tell the difference between two Asian people.

Targeted Advertising

Black kids see 70% more online ads for food than white kids, and twice as many ads for junk food. In general BIPOC youth are more likely to see junk food advertisements online. This is intentional, and happens after they are identified as BIPOC youth.

Technology Reinforces Racism; Racism Builds Technology

The technology we have developed reinforces racism on a society wide scale because it makes it harder for BIPOC people to interact with this world that is run by computers and software. It’s harder to not be racist when the technology around us is being used to perpetuate racist paradigms. For example, if a store implements facial recognition software for checkout, black women are less likely to be identified. They are then more likely to be targeted as trying to steal from the store. We are more likely to take this to mean that black women are more likely to steal. This is how technology builds racism,

People are being excluded largely because they are not building these technologies, because they are not welcome in our spaces. There simply are not enough Black and Hispanic technologists and that is a problem. We need to care about this because when software doesn’t work for everyone, it doesn’t work. We cannot build on the promise of free and open source software when we are excluding the majority of people.

Endorsing Megan Byrd-Sanicki and Justin Colannino for the OSI Board

I am endorsing Megan Byrd-Sanicki and Justin Colannino for the Board of Directors of the Open Source Initiative. As an individual member of the OSI, I intend to vote for Megan. I intend to advise Affiliate Members to vote for Justin Colannino.

I’ve been on the Open Source Initiative board of directors for four years and have seen a lot going on in the organization during that time, as a board member, as an officer of the board, and as an activist focused on ethics in technology.

I pick these two candidates out of sincere enthusiasm for both of them, but I also pick them out of concern for the future of the OSI and open source.

These candidates as people

I will start off by disclosing that I actually just really like Megan and Justin. I think they’re both great humans who do wonderful things and are genuinely nice. They have traits I admire – they are generous, work hard for what they believe in, and keep their egos in check.

Megan and Justin are presenting themselves as people in their running from the OSI board. They work for two of the major tech companies (Google and Microsoft, respectively), however they don’t present themselves in context of their employers. They instead focus on their work for the open source community as members of the open source community.

They have lots of experience with non-profit organizations – having worked for important non-profits in the open source ecosystem, and continuing to volunteer within the community outside of their paid work.

These candidates as potential board members

Megan has an incredibly impressive non-profit background and an amazing ability to get things done. She knows how organizations work, what they need to work, and how to make that happen. The OSI needs to expand its organizational capacity through hiring and recruiting non-board volunteers. Megan understands this and knows how to make it happen. In spite of its age, the OSI lacks a lot of the infrastructure necessary for a growing non-profit, and I believe she’ll help rectify that.

For the past several months Megan has served as an advisory resource to the OSI – connecting us with consultants and experts to help with these organizational issues. She has demonstrated a desire to see the OSI succeed by actually helping it take the steps forward it needs to.

When we were making the decision to appoint board members, Megan was nominated by multiple people. I reached out to the nominees I could find contact information for. I had a great conversation with her, during which time she expressed a concrete vision for how she could participate and what she would bring. She had actual plans and detailed knowledge on how to execute them. I was impressed then and I was ecstatic to see that her interest in the OSI continued such that she stepped up to run for the board.

I’ve known and worked with Justin in several different FOSS contexts. He’s worked with friends of mine in a wide range of legal contexts – covering just about everything lawyers do in open source. I respect his expertise and opinions not just because he has shown himself to be knowledgeable and trustworthy, but because others I respect hold him in equally high regard.

Justin is familiar with the needs of non-profits from all of his work with them over the years – as an employee, as counsel, and as a volunteer. He understands what non-profits need to succeed from his years of experience. He is dedicated to the success of FOSS organizations and projects in ways I have seen few others demonstrate. I would especially like to highlights Justin’s work in helping to set up the legal foundations that enable Outreachy to be so successful and help so many people.

Justin is, of course, an expert in licensing and would be a boon for the organization. He goes a step further than just knowing about licensing and the Open Source Definition through theoretical and practical experience. Justin really believes in the ethics behind the OSD.

My major concerns

When defining myself in the context of open source, I am above all else a true believer and user freedom activist. This is what drives all the work I’ve done and do in my professional and volunteer life, from starting my involvement as a organizer at Penguicon in 2007; my volunteering with Debian, the OSI, the Software Freedom Conservancy, and Software Heritage; my work at the Berkman (Klein) Center for Internet and Society at Harvard Law School, One Laptop Per Child, MIT, the Free Software Foundation, and the GNOME Foundation; and my many additional projects relating to FOSS communities, some of which you can find published in the Journal of Peer Production.

My fear for the future of open source is that it becomes overly controlled by corporate interests. I think it is currently on this path and will only become worse if things continue the way they’re going. The OSI carries responsibility for this, as well as other individuals and organizations. It is imperative moving forward the the OSI is led by people who focus on the rights recognized and protected by the process of open source licensing. The board members need to understand the way open source fits into the narrative of our undeniable human rights.

Megan and Justin both work for some of the largest, most monolithic, and, at times, most egregious tech companies out there. However, these companies have also done a lot of good under their guidance. Most importantly, however, is that Megan is not running as an employee of Google and Justin is not running as an employee of Microsoft. They are running as people who care about the future of open source.

Ethical Source (2)

Continued from “Ethical Source.

Keeping Ethics in Open Source

For the sake of argument, we’re currently going to assume that open source (defined as “software under an OSI approved license”) does not adequately address social issues.

Ethical Source proponents suggest adopting licenses with “ethics clauses,” also frequently known as “do no harm clauses.” These include such points as:

  • must confirm to local labor laws;
  • may not be used by governments;
  • environmental destruction; and
  • may not be used to profit from “the destruction of people’s physical and mental health”

as well as the above examples from the Vaccine License and the Hippocratic License.

I would argue that these types of clauses are inherently flawed either due to ambiguity or unintended consequences.

To address the former, I want us to look at “environmental destruction.” There is a solid argument that all software causes environmental destruction – due to the drain on non-renewable energy resources. Software that makes cars safer also powers these cars, which fits into a narrative of car driven environmental damage.

When considering “the destruction of people’s physical and mental health,” we have to acknowledge how much software is damaging to both the physical and the mental. I am definitely having back problems due to poor posture as I sit typing away all day at my laptop. Social media has enabled bullying that has literally killed people.

These sorts of clauses are just too ambiguous to use.

Then there are more firm qualifiers, like must confirm to local labor laws. This seems rather straight forward, but there are plenty of places where women are still fighting for the right to work, for equal pay, and against all forms of discrimination. In some countries husbands can prevent their wives from working. Following local labor laws means creating a community where whole groups of people are not allowed to participating in the building of open source software.

I also want to point out that “government use” is a very broad category. Governments provide health care, social security, scientific funding, arts funding, and necessary infrastructure. By restricting government use, we are restricting our access to things like education and weather data.

Licenses are not the tool to push for social issues. Licenses are a tool to build equity, and they are even a tool to fight against inequality, but they alone are not enough.

Seth Vargo pulled source code from the Chef code base when it came to light that Chef was working with ICE. Google employees staged walkouts and protests against Project Dragonfly. Tech workers and contributors can institute codes of conduct, ban companies doing evil from their communities, refuse to accept pull requests or contracts, unionize, collectively organize, and simply refuse to work when the technology they’re creating is being used for evil or by evil.

The other problem with Do No Harm licenses is that they require the adoption of those licenses. There are already many open source licenses to choose from. Much of the critical infrastructure we’re discussing is being built by companies, which I think are unlikely to adopt Do No Harm licenses.

Acknowledgments to Elana Hashman for ideas here.

Ethical Source

This is going to be post one of some unknown number. I think I cannot write everything I want to say in one post, but also that it would just make it undigestably long.

Read part 2!

Is Ethical Source Open?

Let’s first define our terms here: “open source,” for the sake of this particular post, means “under an OSI approved license.” An OSI approved license must meet the points laid out in the Open Source Definition (OSD) — a ten point list of qualifications. “Ethical source” is being defined as being “under a license that applies moral or ethical limitations to the use and modification of the software.”

Ethical source is not open source. Eevery ethical source license I’ve seen violates OSD 5 and/or OSD 6.

5. No Discrimination Against Persons or Groups

The license must not discriminate against any person or group of persons.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

The Vaccine License is a good example of the first:

The Vaccine License is a software license that requires that users vaccinate their children, and themselves, and that user businesses make a similar requirement of their employees, to the greatest extent legally possible. The required vaccinations are those recommended by the user’s national administration, for example the United States Center for Disease Control. There is an exception for those who, for medical reasons, should not receive a vaccine.

The Vaccine License is saying that you cannot use software under the vaccine license if you’re not vaccinated (medical exceptions exist).

The Hippocratic License violates the second point:

No Harm: The software may not be used by anyone for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of other individuals or groups, in violation of the United Nations Universal Declaration of Human Rights (https://www.un.org/en/universal-declaration-human-rights/).

Services: If the Software is used to provide a service to others, the licensee shall, as a condition of use, require those others not to use the service in any way that violates the No Harm clause above.

If you have been following the conversation around licenses and ethical source, this is not new. If you haven’t, then it might be!

In the former case, there is a straightforward connection: not vaccinated? Not eligible to use it! This is specifically about the individual user.

The latter example, the Hippocratic License, violates OSD 5 in that it may not be used by individuals (or groups of individuals) found in violation, but it also makes verboten fields of endeavor — horrible, illegal ones, but fields of endeavor none the less. You cannot use this software for torture.

Neither of these licenses are open source.

In general, ethical sources licenses place restrictions on individuals, groups, or fields of endeavor, this means that they cannot be open source.

Does it matter that they are not “open source”?

There is commercial and social value in a license being open source. For a company, it’s a friendly certification mark that appeals to customers, consumers, and potential employees. From a social perspective, by creating open source software you’re adding to the Software Commons — the resources available to everyone. This is just nice. Plenty of people want their software to be open source, and they especially want it to be open source on their terms.

In some contexts and for some people, ethical technology is nearly synonymous with free/open technology — or it is a prerequisite that a piece of technology be open source for it to be ethical.

There is also already a strong community around open source software. People consider themselves not just a member of a project’s community, but the open source community. By being part of the open source community, you are getting access to a lot of people and you are part of something. There’s a lot of value in that. It is understandable why proponents of Ethical Source licenses would want it to also be open source.

However, under the current circumstances, something simply cannot be open if there are restrictions to “ethical” cases.

Free software activities (November 2019)

November brings two things very demanding of my time: Thanksgiving and the start of fundraising season.

Free software activities (personal)

  • The Open Source Initiative had it’s twice-a-year face to face board meeting! Good times all around.
  • Debian is having a GR. I’ve been following the development of proposals and conversation, which is basically a part time job in and of itself.
  • Participated in Debian Community Team meetings.
  • I started drafting Bits from the Debian Community Team.
  • Wrote some blog posts! I liked them this month.
  • Wearing multiple hats I attended SustainNYC, talking about sustainability in free and open source software.
  • I submitted to some CFPs — SCaLE, FOSSASIA, and OSCON.
  • I am serving on the papers committee for CopyLeftConf, and for this I reviewed proposals.

Free software activities (professional)

  • We launched a fundraiser! (About a patent infringement case)
  • Funding a legal case is an expensive proposition, so I am also meeting with companies and potential large donors interested in helping out with the case.
  • We launched another fundraiser! (About general Foundation activities)
  • I participated in the hiring process to fill two roles at the GNOME Foundation.

Health care

One of the most important issues for free software within the US is one we rarely talk about: healthcare. That is why I am going to write about it.

These days, sustainability in FOSS is a hot topic. In my experience, for many years this conversation focused nearly exclusively on making FOSS -profitable- for companies, in order to create jobs. Now, the conversation is shifting to ask: what conditions do we need to create so that everyone who wants to work in FOSS can do so?

The answer is not the same for everyone, nor is it the same in every country. Someone supporting a family of two, three, four, or however many has greater income needs than I do, as my biggest financial responsibilities are debt and a cat. However, I also have a condition with a mortality rate estimated at 15%. Access to affordable, comprehensive health care is not just a nice perk, but crucial for my continued survival.

Access to health insurance has been the primary factor in all of my professional decisions: staying places where I was miserable, doing work I hated, even choosing where to apply. Access to health insurance was a major factor in my moving to Massachusetts, which offers health insurance to all residents.

While my free software career has been amazing — I am extremely lucky that I was able to cultivate a skill set and social network that enabled me to work in the greater sphere of FOSS (and previously open ed) — I would have made different decisions had I not been reliant on employers to provide me with health insurance.

In the United States (and many, many other places), access to affordable, comprehensive healthcare (from here on: healthcare) is a major factor holding people back from FOSS contribution. When your access to health care is tied to your employer, your time — and literally your life — is dependent on your employer. This seriously impacts your ability to even have free time, let alone using that time to build FOSS.

Since the creation of software largely relies on people’s professional skill sets, we’re asking people to do in their free time what they do in their paid time — design, develop software, plan architecture, organize events, maintain systems and infrastructure, be a lawyer, manage finances, and everything else that strengthens FOSS and FOSS communities. In asking someone to take on a leadership role in a FOSS project or community, you’re asking them to take on another job — one that comes with neither pay nor benefits.

When people face constant threats to their existence due to fearing for their lives (i.e. their health), it can be hard, if not impossible to spend their time contributing to FOSS, or indeed to any activist project.

People who live in societies that rise to meet the basic material needs of all citizens are able to spend time contributing to the greater good. Those of us struggling to survive, however, must forgo opportunities to become participating members of communities that are trying to change the world. Instead, we look to our employers (usually with commercial interests) to meet our needs.

When you work in tech, meeting our basic material needs through employer-sponsored insurance comes at a steep price: non-compete agreements, signing away patent and intellectual property rights, fights to ensure your work is available under a free and/or open source license, and giving up more than 8 hours a day/40 hours a week. When we try to create good FOSS in addition to that, we burn out, we become miserable, and we’re trapped.

People are incapable of creating FOSS when they’re sick, burnt out, worried about their health, struggling with an ongoing condition or disability, or dead. It’s that simple. [powerful]

People fighting for access to healthcare should care about free software for many reasons, but we as a free software community also need to care about access to health care. This is for the sake of ourselves and the sake of our communities. We cannot build the tools and resources the world needs when we are struggling simply to live.

If you accept the notion that lack of access to comprehensive healthcare impacts our ability to have the resources necessary to create something like free software, then we can acknowledge that, by providing health care to everyone, everyone will then be in a better, more equitable position from which they can contribute to FOSS and lead safer, happier lives.

According to the KHN, 8.5% of U.S. Americans didn’t have health insurance in 2018. Un-insurance rates are even higher among non-white populations according to HHS. As a community, we’ve accepted that the lack of diversity and the over-representation of cis white folks is a problem. We need to create more equitable conditions — so that people come to FOSS from similar places of privilege, rather than having a huge disparity in privilege and oppression. Providing health care to everyone will help alleviate this, and will enable more people to do the things they are passionate about — or things they will become passionate about once they have the chance to do so.

If we are to create a world where FOSS is successful, access to health care is paramount and we need to take it seriously.