Major Open Source Project Revokes Access to Companies That Work with ICE

"Apologies to any contributors who aren't employees of Palantir, but to those who are, please find jobs elsewhere and stop helping Palantir do horrible things"

On Tuesday, the developers behind a widely used open source code-management software called Lerna modified the terms and conditions of its use to prohibit any organization that collaborates with ICE from using the software. Among the companies and organizations that were specifically banned were Palantir, Microsoft, Amazon, Northeastern University, Motorola, Dell, UPS, and Johns Hopkins University. [...]

"Recently, it has come to my attention that many of these companies which are being paid millions of dollars by ICE are also using some of the open source software that I helped build," Jamie Kyle, an open source developer and one of the lead programmers on the Lerna project, wrote in a statement. "It's not news to me that people can use open source for evil, that's part of the whole deal. But it's really hard for me to sit back and ignore what these companies are doing with my code." [...]

Before he changed the license, Kyle left a comment on Palantir's Github asking the company to stop using the software. "Apologies to any contributors who aren't employees of Palantir, but to those who are, please find jobs elsewhere and stop helping Palantir do horrible things," Kyle wrote last week, linking to an article in The Intercept about the company's collaboration with ICE. "Also, stop using my tools. I don't support you and I don't want my work to benefit your awful company." [...]

After Kyle discussed his concerns with some of the other lead developers on the Lerna project, they assented to a change to the Lerna license that would effectively bar any organization that collaborates with ICE from continuing to use the software. This led to some developers calling the change illegitimate and lamenting that it technically meant the project was no longer open source. [...]

"I've been around the block enough to know how every company affected is going to respond," Kyle told me. "They're not going to try and find a loophole. I kinda hope they do try to keep using my tools though -- I'm really excited about the idea of actually getting to take Microsoft, Palantir or Amazon to court."

As for the hate he has received online about how open source projects shouldn't be politicized, Kyle said this misses the point.

"I believe that all technology is political, especially open source," he told me. "I believe that the technology industry should have a code of ethics like science or medicine. Working with ICE in any capacity is accepting money in exchange for morality. I am under no obligation to have a rigid code of ethics allowing everyone to use my open source software when the people using it follow no such code of ethics."

Previously, previously, previously, previously, previously, previously, previously.

Tags: , ,

41 Responses:

  1. Different Jamie says:

    I applaud the sentiment, but that is no longer open source, and I really hope doing that doesn't become a thing.

    A long time ago I used to joke about needing a license analysis tool. And then I ended up inserting them into build pipelines for the various $corporate_overlords. I imagine this will lead to new entries in project signoff sheets for risk analysis pertaining to the odds of some human somehow involved in a library we use deciding our company sucks, some API provider making bank providing up-to-date corporate blacklist analysis, various other lawyers confusing everything by intentionally misunderstanding what's going on, and a fun new round of the "Is open source worth it?" game.

    Because what we really had too little of was IP lawyers fucking about in engineering decisions.

    • jwz says:

      I applaud the sentiment, but that is no longer open source, and I really hope doing that doesn't become a thing.

      As he said, you can decide which bothers you more: contributing to the rise of fascism, or using a non-open-source license.

      I understand that for certain people that might be a tough call.

      • Different Jamie says:

        Fair enough. I'd probably feel differently if I thought this would actually make a constructive difference. Possibly lacking imagination after a long day, it just seems like one of those heart-in-the-right-place, godawful-tactics things that happen.

      • Billy says:

        Cue the Free Software Song!

      • Zygo says:

        What bothers me is "how does the social cost of changing the license, which is a huge deal for every corporate user of the code, have any effect at all on the social cost of Microsoft contributing to ICE operations?"

        I mean, Microsoft and fascists both deserve to experience inconvenience, but the only outcome I would expect is that Microsoft will present a different amount on their bill to the American taxpayer.

        Given that the project in question seems to be a large pile of JavaScript doing a shell script's job, giving the fascists an excuse to stop using Lerna could even be a net win for the fascists.

    • brisance says:

      Why would it no longer be open source? It’s just an exclusionary clause in the license, the source is still available. Those affected can fork it.

      • Gary van der Merwe says:

        The OSI Open Source definition has these clauses:

        5. No Discrimination Against Persons or Groups

        The license must not discriminate against any person or group of persons.
        6. No Discrimination Against Fields of Endeavor

        The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

        And the Free software definition has this:

        The freedom to run the program as you wish, for any purpose (freedom 0).

        • brisance says:

          That applies to the modified version. I should’ve been clearer; ultimately this has little to no impact to these companies since they can use the previous version and incorporate their own changes that are free from copyright and license terms.

        • BHN says:

          And if those organizations could unilaterally define 'open source' then that would be that. There has always been tension between the definitions of open source and free software anyway, that's nothing new, and the meaning of 'open source' and which licenses meet it has always been somewhat open to interpretation.

          • Gary van der Merwe says:

            And if those organizations could unilaterally define 'open source' then that would be that.

            Yhea - but both the OSI and the FSF are fairly well respected organizations.

            There has always been tension between the definitions of open source and free software anyway, that's nothing new

            No. There is no tension between these two organization about what there definitions are. The tensions is about which has a better philosophy. Both organization's definitions would rule out Lerna's temporary license change, so this is irrelevant anyway.

            and the meaning of 'open source' and which licenses meet it has always been somewhat open to interpretation.

            Citation fucking need. Please take your whataboutism somewhere else.

            • BHN says:

              Some of the items in OSI's 'The Open Source Definition don't seem necessarily part and parcel of 'open source' to me, for instance:

              10. License Must Be Technology-Neutral:
              No provision of the license may be predicated on any individual technology or style of interface.

              I'm not sure exactly what problem that is trying to solve but we're getting pretty far from 'you have to be able to easily get the source code not just a compiled binary' - which is what I've always taken 'open source' to mean. Maybe I just don't get out enough. I doubt most people using or talking about open source software have read all ten points of that and I'm sure most wouldn't remember them all if they had.

              Tension between open source and free software definitions: 3rd hit on DuckDuckGo for: 'rms open source versus free software'.

              And from that page (RMS' words, not OSI's):
              "However, the obvious meaning for the expression 'open source software'—and the one most people seem to think it means—is 'You can look at the source code.' That criterion is much weaker than the free software definition, much weaker also than the official definition of open source. It includes many programs that are neither free nor open source."

              As for 'whataboutism', please go back and just re-read what I wrote afresh. I don't think to the average computer user there is anything particularly controversial there, and I was not trying to pick a fight.

              • broonie says:

                The idea with that requirement is that you can't release something like a client library for a web service and then require that it only be used with that web service - if someone wanted to set up a competing instance of the API or perhaps even take a bit of the implementation and use it for some unrelated purpose that should be fine.

                Both the FSF and the OSI definitions are based around the idea that it's not just important that you be able to get the source, modify and rebuild it but that you should also be able to both redistribute the results and incorporate bits of the code into other projects. The big difference between the two was that while the free software camp want all the derived works to also be distributed under similar terms the open source software camp didn't mind if the derived works were then made proprietary.

        • Rich says:

          6. No Discrimination Against Fields of Endeavor

          The fundamental tenet of the Free Software movement is that it is about societal freedom, a reaction and a challenge to unjust power.

          This is why "Free Software" is a much more socially responsible banner to walk under than "Open Source". The two have many commonalities, but diverge on ethical values; much as social Libertarians vs. political "Libertarians" share much on the outside, but differ in key areas of philosophy.

          Read the article What is free software? and follow the link to Why “Open Source” misses the point of Free Software. Please.

          If you come away from that thinking that not merely unethical, but inhumane treatment of immigrants is a fair "endeavor" that shouldn't be discriminated against, then okay I can't help you.

          • Shasta McNasty says:

            I can't believe I'm lining up on the side of both ICE and RMS here, but did you actually read the "What is free software" link you posted? Because it doesn't actually seem to say what you seem to think it does. Regarding the "fundamental tenets" (ugh) of the Free Software "movement" (ugh again), that page is pretty clear about the "four essential freedoms". See freedom 0: "The freedom to run the program as you wish, for any purpose ." The phrase "any purpose" is gonna encompass some purposes you (or I) consider evil.

            I can't find anything there about "a reaction and a challenge to unjust power" or instructions to discriminate against any endeavors. Which words on that link are you parsing to get that interpretation?

            Don't get me wrong, I think the policy of separating kids from parents at the border was terrible. On the other hand (trigger warning: whataboutism), plenty of American citizen children are separated from their American citizen parents when said parents are incarcerated for whatever reason. The question of balancing the societal need to protect and nurture children vs. the societal need to impose consequences for unlawful activities is not as simple as many ("on both sides") make it out to be.

            • Rich says:

              Here it is. It hasn't changed.

              We campaign for these freedoms because everyone deserves them. With these freedoms, the users (both individually and collectively) control the program and what it does for them. When users don't control the program, we call it a “nonfree” or “proprietary” program. The nonfree program controls the users, and the developer controls the program; this makes the program an instrument of unjust power.

              So, you campaign for those freedoms, but you don't campaign for real actual freedoms? That doesn't make any sense to me. Can you explain how it makes sense to you? Because you've left me floundering and I don't want to make shit up.

              • Shasta McNasty says:

                I'm not campaigning for any freedoms here, just accuracy. But I think you're ascribing motives to the "Free Software movement" (ugh) that they don't have. Seems to me actually that you're arguing the exact opposite of their apparent intent. As I see it, they don't want software developers to exert "unjust power" over software users. They say users should be "free" to use software for any purpose--which is gonna include evil ones. This license, restricting which users can use the software, would most likely be seen by the FSF as being an instrument of unjust power!

                I don't see anything in the various FSF or Open Source manifestos about GOVERNMENTAL unjust power...

                I have zero problem with this author restricting use of his work (not that anyone should give a shit about my opinion). But that's not free/open source software.

                • Rich says:

                  And this is where the "purity" view of software freedom counters the ethical.

                  If software freedoms begin to really, actually affect my other freedoms, then it becomes at one with nonsense like the "freedom" to open weapons of war, or the "freedom" to use your religion to oppress others.

                  This is why the free software movement (and the Free Software movement) need to grow a pair of ethics.

      • Nick Lamb says:

        There's a Definition, which says you can't have this sort of clause in your license because we've already been there and done that. But, as our host demonstrates, there's no cultural memory worth speaking of in play, given any opportunity to stab themselves in the back such people will be glad to have you position the dagger for maximum injury. Certain that this time they're not wrong, experience counts for nothing.

    • phuzz says:

      I've never seen the point of licensing software when you're releasing the source. Anyone who wants to use it is just going to do so, regardless of license, and if they don't feel like contributing their changes back, then they won't bother. Mostly you'll never find out about their use, and even if you do and they're breaking whatever stipulations you tacked on to the license, your only recourse is to somehow convince a court that someone on the other side of the world is copying the homework that you posted for free with a "please take" sign.
      If you want to control who uses your software it'll have to be closed source, with license keys and drm and dongles and all of that. And even then someone will probably pirate it and do what the fuck they want anyway.

      tl/dr if it's on the internet, you can't control who uses it.

      • margaret says:

        Not true. Having worked for a mega-corporate-overlord for many years where we used open-source, created open-source, and literally made billions of dollars on software that may or may not have been built using open-source components, we took what was in those licenses very seriously. If the licenses were outside of the mainstream (MIT, Apache, ...) then the lawyers would arbitrarily say no and that was that. Never once did we send a beer or a postcard. Anything that would have put us at risk of either a lawsuit or bad publicity was not allowed in the door. I have to think that most other mega-corporate-overlord companies worked similarly.

        • margaret says:

          And if you think this only applies in corner cases - think of the origin stories of MacOS, iOS, ontap, android, chrome, firefox, ... and the different business models of those companies.

        • HS says:

          Mega-corporate-overlords, yes.

          Lean 'growth-hacking' startups (like Palantir) with millions in funding? Do they maintain the same discipline about licenses.

      • Zygo says:

        If you're a corporation, you can't control the judges who will decide court cases in which you are the defendant.

        • phuzz says:

          So basically the only entities that will be negatively affected are large companies that can afford to hire lawyers and stuff?
          Ok, I've changed my mind, that's all fine.

          • Zygo says:

            Small companies are most negatively affected--they can't touch anything that isn't 100% pure open source.

            Large companies can afford to lose a few lawsuits, so for them it's a matter of how much of their profits they want to spend arguing with people on the Internet instead of complying with licenses.

  2. Krunch says:

    Looks like it's back to MIT license and Jamie Kyle has been "fired" from the project... https://github.com/lerna/lerna/pull/1633

    • jwz says:

      Well that didn't take long. Just over 24 hours for a full Palantir victory!

      • ennui says:

        you shouldn't be so glib, "professional software careers" were at stake...

        and you see, Palantir only does work for the good part of ICE..."

        • tobias says:

          "as well as actively and willfully disregarding the code of conduct that he himself added to the project."

          brilliant, hoisted by his own petard no less

          • James says:

            But what part of that code of conduct is he accused of violating?

            • tobias says:

              they have 'other unprofessional conduct' and 'otherwise unacceptable behavior' in the code of conduct, that would cover most bases.

              this evocateur essay is particularly hilarious given the author starts out with the premise that he completely supports the meaningless posturing, and yet wants to abandon the effort in order to quieten the (presumably unbearable?) noise.

              in their role as a US taxpayer the author contributes far more to ICE (and much worse!), than as some open source code slinging activist. some people just can't see out of their fishbowl.

  3. Bort says:

    Open source aside, I can copy lines of text and paste them into README file too. Microsoft has more money than he does. End of legal story.

    "Given that the project in question seems to be a large pile of JavaScript doing a shell script's job, giving the fascists an excuse to stop using Lerna could even be a net win for the fascists."

    • jwz says:

      As margaret explained above, that is not actually how corporations and their lawyers work. (Even evil corporations, but I repeat myself.)

      They wouldn't bother fighting this in court or risking legal exposure. It's cheaper just to rewrite it, so that's what they'd do.

      His stated goal was, "I want them to stop using my code". I think he would have succeeded at that goal with this approach, had they followed through on it.

      GPL violations, for example, are actually pretty rare. Most corporations just won't touch it in the first place. Most of the violations I've heard of have been in sketchy embedded systems, which is kind of a weird edge case anyway.

  4. robert_ says:

    The standard response to those who say "such and such should not become political": you're lucky you have the privilege of not having to be political because the current political situation doesn't directly threaten your livelihood.

  5. MrEricSir says:

    Software Freedom Conservancy wrote about this: Challenges in Maintaining A Big Tent for Software Freedom

    Their (somewhat predictable) take is that software freedom is akin to freedom of speech, and therefore deserves similar treatment in cases like this.

    I think the difference though is one person can use their free speech to say something awful, and another person can use their free speech to turn around and say, "Hey, that thing you said? It's awful and reflects poorly on you." Not sure how the same could apply to FOSS.

    • Ham Monger says:

      Also, the Supreme Court has ruled that free speech isn't absolute. Trivially, the shouting of "fire" in a crowded movie theater (when there isn't a fire). More relevant, hate speech isn't protected.

      In this context, the argument is whether software freedoms should inure to the benefit of fascists. Personally, I'm pretty willing to discriminate against fascists, which are not a protected class anywhere (and recent political horrors have still not yet made them a de jure protected class).

Leave a Reply

Your email address will not be published. But if you provide a fake email address, I will likely assume that you are a troll, and not publish your comment.

You may use these HTML tags and attributes: <a href="" title=""> <b> <blockquote cite=""> <code> <em> <i> <s> <strike> <strong> <img src="" width="" height="" style=""> <iframe src="" class=""> <video src="" class="" controls="" loop="" muted="" autoplay="" playsinline=""> <div class=""> <blink> <tt> <u>, or *italics*.

  • Previously