Docstoc

Outline for ABA Open Source project

Document Sample
Outline for ABA Open Source project Powered By Docstoc
					THE FOLLOWING PAPER ON A SUBJECT OF INTEREST IS POSTED FOR INFORMATIONAL
PURPOSES ONLY. THE VIEWS EXPRESSED IN IT HAVE NOT BEEN APPROVED BY, AND
SHOULD NOT BE CONSTRUED AS REPRESENTING THE POSITION OF, THE AMERICAN BAR
ASSOCIATION ("ABA") OR THE ABA SECTION OF INTELLECTUAL PROPERTY LAW.




                        OPEN SOURCE IN GOVERNMENT OUTSIDE THE USA:
                A SNAPSHOT OF TODAY AND A FORECAST FOR TOMORROW




  Don McGowan*
  Montreal, Quebec, Canada




  *
       Don McGowan is an attorney with the Montreal office of Osler, Hoskin & Harcourt LLP. This paper would
       not have been possible without the invaluable assistance of Dave Stoltenberg of the Montana Business
       Incubator, Toni Tease, a solo practitioner and patent attorney and Chair of the Open Source Code
       Subcommittee of the Committee #701 - Computer Programs of the ABA Section of Intellectual Property
       Law, Craig Delger from InfoGears, Inc. in Bozeman, Montana, John Burns of Hunton & Williams in
       Raleigh NC, and Benjamin Hayes of Kirkpatrick & Lockhart in Washington DC. Errors and omissions in
       this article are attributable solely to Mr. McGowan and not to Osler, Hoskin & Harcourt LLP or any of its
       attorneys, or any reviewer or other person named herein. Please note that these views have not been
       approved by the House of Delegates or the Board of Governors of the American Bar Association and should
       not be construed as representing the position of the American Bar Association nor the Section of Intellectual
       Property Law.

       The information in this paper is current to September 17, 2003. Note that all Internet links referenced in this
       paper were live as of September 1, 2003 unless otherwise noted.



MONTREA:104568.3 200310061100
0080444
1. INTRODUCTION                                                                         3



2. OPEN SOURCE: DEFINITIONS AND CONCEPTS                                                4

2.1  “OPEN SOURCE” DEFINED                                                              4
2.2  WHAT IS AN “OPEN SOURCE” LICENSE?                                                  7
2.3  THE GPL: AN EXTREME (?) EXAMPLE OF AN OPEN SOURCE LICENSE                          9
2.4  “SHARED SOURCE” AND THE “GOVERNMENT SECURITY PROGRAM” – ARE THESE
PROPRIETARY FORMS OF “OPEN SOURCE”?                                                    11

3. OVERVIEW OF OPEN-SOURCE SOFTWARE USE BY GOVERNMENTS                                 13

3.1     AFRICA                                                                         14
3.2     THE AMERICAS                                                                   15
3.3     ASIA                                                                           16
3.4     AUSTRALIA AND NEW ZEALAND                                                      18
3.5     EUROPE                                                                         18

4. IMPLICATIONS OF OPEN SOURCE FOR GOVERNMENTS                                         20

4.1     LICENSING AND ITS LIMITS: THE HIDDEN HAND OF US LAW                            21
4.1.1      SCO LITIGATION                                                              23
4.2     CREATING AND SUPPORTING LOCAL DEVELOPERS (BY LEGISLATION OR OTHERWISE)         26
4.2.1      LEGISLATING A SOLUTION: LAWS MANDATING OPEN SOURCE                          28
4.2.2      RESOURCE ALLOCATION: IF GOVERNMENT WILL DEVELOP SOFTWARE, THEN WHAT KIND?   29
4.3     “SPYHOLES” AND PREVENTING OUTSIDE ACCESS TO GOVERNMENT INFORMATION             31
4.4     OPENNESS AND ITS ALTERNATIVES: CONSEQUENCES OF OPEN SOURCE FOR SOCIETY         36

5. CONCLUSION                                                                          40
                                                        -3-



“The future of software lies somewhere in a yet to be explored synergy between the clashing
cultures of the freeware and commercial worlds...”1



1. Introduction
It is by now trite to say that intellectual property rights have become some of the most valuable
assets in the world economy. Their purchase, sale, and other commercialization has led to some
of the world’s greatest fortunes, to say nothing of the massively increased quality of life for those
people able to benefit from the products that have been developed and marketed in reliance upon
the protection that these rights have given.
The protection granted to intellectual property rights in Western legal systems is substantial.
Under most if not all systems of intellectual property right, a creator of an item to which
intellectual property rights apply is an owner, and has similar rights over the item created as the
owner of a physical product. As practitioners of intellectual property law know well, these rights
are limited in ways that may seem artificial or even counterintuitive to non-attorneys, and these
limitations on intellectual property rights are themselves able to be limited. If a customer wants a
particular piece of intellectual property badly enough, they are free to waive many if not all of
the rights that they would be provided under the law. In the world of software, many basic
intellectual property rights are buttressed, often significantly so, with license agreements.
One standard element of a software license is a restriction upon the user’s right to access and
work with the source code.2 But some software producers have declined to insist upon restrictive
terms in their licenses. When they provide software, they either do not prohibit the purchaser’s
accessing the source code, or in some cases they actually provide the source code along with the
software. In the industry, such software is often called “open source”. An acquirer of open-
source software3 is therefore able to have its own representatives examine the software and
determine whether it will fulfill the claims made for it by its producer; for some software, the
acquirer is even permitted to change the source code to produce better or even different effects.
While no one has claimed that the use of open source code software will usher in a thousand
years of peace and harmony, the missionary zeal shown by open source proponents is different
from the attitudes of the proponents of many other business practices. Advocates of the use of
open-source software describe themselves as members of the open source “movement,” a
descriptor not used for advocates of six-sigma management or double-entry bookkeeping. But


1
     Keith Porterfield, Information Wants to be Valuable: A Report From the First O’Reilly PERL Conference,
     (www.netaction.org/articles/freesoft.html).
2
     While it is far beyond the scope of this paper to provide an in-depth description of the process of software
     development, “source code” is the actual code written by the programmer, and is distinguished from “object
     code” which is the set of instructions followed by the machine. A programmer will write source code in a
     language such as C++, C#, or Visual Basic; that source code is not usable by the computer in that form, but
     must be “compiled” into object code in order to be understood by the computer.
3
     The term “open source” is a compound noun; in conformity with standard English and the recommendation of
     the Open Source Institute, when used as an adjective in conjunction with a noun it will be hyphenated (e.g.
     “open-source software”). See Open Source Institute, “FAQ” (www.opensource.org/advocacy/faq.php).

MONTREA:104568.3 200310061100
0080444
                                                           -4-


this is more than mere language; although “open source” is not equivalent to “without cost,”4
many open-source software producers have made their software cost-free and some open-source
software requires that any incorporation of that software will have to be distributed without cost
as well. It is perhaps that last “viral” aspect of open-source software that has caused a somewhat
visceral reaction from the producers of non-open-source software -- that and the sheer vitriol that
some members of the open-source movement heap upon them in public fora throughout the
Internet.
However much open- and non-open-source software producers may disagree, open-source
software is certainly gaining in use around the world. While developments in the United States
have been circumscribed both by cultural preferences for private property rights and by the fact
that some of the most significant developers of non-open-source software are themselves based
in the United States, the use of open-source software outside the United States has gained some
level of acceptance. Especially in developing countries, some of the largest consumers of
information technology are governments, and around the world many governments are for
various reasons considering the use of open source as a viable if not preferred alternative to other
types of software. But the adoption of open-source software by government has implications
beyond computers and operating systems that both governments and open-source programmers
may not have considered and that may not be desired by one, the other, or both.
The first section of this paper is a discussion of what “open source” is and what it is not. Next,
the paper investigates current use of open-source software in government outside the USA.
Finally, this paper will analyze certain trends and predictions that can be discerned from the state
of open source today, and what its adoption in governments outside the USA would mean for the
direction those governments and the open source movement might take tomorrow.

2. Open Source: Definitions and Concepts

2.1 “Open Source” defined
Much confusion exists around the use of the term “open source”, and in particular by the
confusion arising from the use of the term “free” in conjunction with open-source software.
“Open source” software does not mean cost-free software, nor does it mean software in the
public domain.5 All the term “open source” would seem to mean in the strictest interpretation of
the term is that the source code for the software is made available to users of software. That is,
the product sold is in fact two distinct but intimately related elements: an executable program
file, and the source code that was compiled to make the executable program file. The source code
could be written in any language, such as Visual Basic6 or Java, and the programmer would
neither be required to provide either a compiler to render the source code into object code nor to
provide any explanation of the thought or technique behind the source code. Just by making the

4
     About which, see more in section 2.1 of this paper.
5
     See David Wheeler, Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, 2003,
     section 1 (www.dwheeler.com/oss_fs_why.html).
6
     Id., section 9.11. Visual Basic is a Microsoft-created restricted-source programming language for Microsoft
     Windows, but that does not mean it cannot itself be used to create open source. As of June 21, 2002, there were
     at least 831 open-source programs written in Visual Basic and 8,867 total for the Microsoft Windows
     environment.

MONTREA:104568.3 200310061100
0080444
                                                         -5-


source code available to users of the software, the programmer has left it “open”. In contrast,
where the source code is not made available to users of the software, that program is not “open
source” but rather something else.
Contrary to some perceptions, providing source code with compiled software is not particularly
unusual. Much customized software developed for a specific customer is delivered with the
source code having been either provided to the customer as well or placed in escrow. As IP and
licensing attorneys well know, software escrow agreements are commonplace and are
incorporated into commercial software development agreements for such reasons as protecting
the customer in the event of bankruptcy on the part of the developer or allowing verification of
the source code in the event of dispute as to the proper functioning of the software.7 Such source
code is “open” in the sense that it is there to be read and reviewed, but not in the sense that the
customer has any right to change it; in fact, another use of software escrow agreements is to
allow the producer to demonstrate that the code as delivered was different from the code as
compiled in a customer’s computer in order to avoid liability for such changes.
While organizations involved in the open source movement have noted the potential for a
baseline definition of “open source” as reflecting simply access to the source code, 8 the term as
commonly used in the open source movement does not reflect this baseline definition. As
Lawrence Lessig put it,
                      Proprietary software is like Kentucky Fried Chicken. Open source... is like
                      Kentucky Fried Chicken sold with the “original secret recipe” printed in bold on
                      the box.9
As Lessig’s pithy description notes, “open source” software is commonly understood to reflect
additional elements and not just access to the source code.10 This essay will reserve the term
“open-source software” for software whose license fulfills additional criteria above and beyond
providing the source code along with the object code as described in section 2.2 of this paper.
“Open-source software” can then be distinguished from “provided-source software”, being
software whose source code is distributed along with the compiled program but without the right
to change or otherwise vary that source code, and “restricted-source software”, being software
whose source code is not distributed even for those limited reasons.


7
     Id., section 9.3. As these same attorneys also know from experience, while governments today will pay for
     custom-developed software, they tend to be the most insistent upon the full protection of software escrow
     agreements; they also tend to require that software developed for them not be incorporated into any other
     product or offering to the public. One open-source advocate has noted that “all [open-source] programs are
     automatically in escrow” because their source code is open to the public, although this does not allow
     governments the exclusivity that some would desire even today.
8
     For example, the Open Source Initiative (“OSI”), an organization dedicated to the commercialization of open-
     source software, notes that “Unfortunately, the term “open source” itself is subject to misuse, and because it’s
     descriptive, it can’t be protected as a trademark (which would have been our first choice).” Open Source
     Institute, OSI Certification Mark and Program (www.opensource.org/docs/certification_mark.php).
9
     Lawrence Lessig, Open Source Baselines: Compared to What? ROBERT W. HAHN, ED., GOVERNMENT POLICY
     TOWARD OPEN SOURCE SOFTWARE (2002) 50, 50.

10
     For example, the OSI notes that the term “open source” has both a descriptive and a normative component, but
     does not distinguish clearly between them. Open Source Institute, Frequently Asked Questions
     (www.opensource.org/advocacy/faq.php).

MONTREA:104568.3 200310061100
0080444
                                                          -6-


“Open source” definitely does not mean “free”, or at least not in the sense that the term is often
understood.11 Some members of the open-source movement have adopted the word “free” to
describe their products and their ideology, then immediately redefine the word to exclude
“without cost” and limit it to “without restriction”.12 Other open-source advocates do not draw
this distinction, or at least do not do so clearly.13 The expression “information wants to be free”,
commonly used in discussions of open source, may be meant in the sense that “sharing
information should be unrestricted”, but all too often it is understood by recipients as meaning
“information should be shared without cost”.14 While some members of the open-source
movement go to great lengths to explain that “information wants to be free” does not mean that
information should have no cost,15 many companies and individuals have often found it hard to
understand or follow the shifting meanings of the word “free” used in the open-source
community. Some open-source advocates have recommended that the word “free” be avoided
precisely because of this ambiguity: they do not want open-source software to be confused with
software that is distributed without cost but also without the source code.16 Others have noted
that the word “free” tends to be used by those advocates who focus on issues of freedom from
control or other ethical issues, while “open source” is used more by people who promote the
perceived technological advantages of open-source software.17 Therefore, notwithstanding many
in-depth and well-explained rationales for referring to open-source software as “free” software18


11
     The ambiguity derives from the fact that English uses the same word for both “without cost” and “without
     restriction”, but many non-English languages do not. The French “gratuit” and the German “kostenlös” both
     mean “without cost” and not “without restriction”, which are referred to as “libre” and “frei” respectively.
12
     For example, both the GNU Public License (“GPL”) and the Lesser GNU Public License (“LGPL”) developed
     by the Free Software Foundation (“FSF”) speak of “free” software and contain the following explanation of that
     term: “When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
     designed to make sure that you have the freedom to distribute copies of free software (and charge for this
     service if you wish), that you receive source code or can get it if you want it, that you can change the software
     or use pieces of it in new free programs; and that you know you can do these things.” See Preamble, GPL,
     version 2 (June 1999) (www.opensource.org/licenses/gpl-license.php);and Preamble, LGPL, version 2.1
     (February 1999) (www.opensource.org/licenses/lgpl-license.php)
13
     For example, the first of the OSI’s 10 Principles is of “Free Redistribution”, which uses the word “free” in the
     traditional sense of “without cost”. See Open Source Institute, Definition
     (www.opensource.org/docs/definition.php), where the requirement to keep distribution “free” is justified
     because it will “eliminate the temptation to throw away many long-term gains in order to make a few short-term
     sales”.
14
     For an interesting analysis of this expression and the implications in the ambiguity that it creates, see Richard T.
     Kaser, If Information Wants to be Free... Then Who’s Going to Pay for It?, 6 D-LIB MAGAZINE
     (www.dlib.org/dlib/may00/kaser/05kaser.html). Kaser notes a third usage of “free”, namely “free from
     conventional structure”, but this usage is not common in discussions of open source.
15
     See e.g. Eric Steven Raymond, The ‘Information Wants to be Free’ Myth, THE MAGIC CAULDRON
     (catb.org/~esr/writings/cathedral-bazaar/magic-cauldron/ar01s04.html).
16
     See e.g. the OSI’s position that it would be undesirable for Microsoft Internet Explorer to be called “free”
     simply because it is distributed at no cost. Open Source Institute, Why “Free” Software is too Ambiguous
     (www.opensource.org/advocacy/free-notfree.php).
17
     Wheeler, supra note 5.
18
     See e.g. RAJANI, NIRANJAN. FREE AS IN EDUCATION: SIGNIFICANCE OF THE FREE/LIBRE AND OPEN SOURCE
     SOFTWARE FOR DEVELOPING COUNTRIES (2003) (www.maailma.kaapeli.fi/FLOSSReport1.0.html). Note that
MONTREA:104568.3 200310061100
0080444
                                                         -7-


and also notwithstanding that many open source advocates use the word in this context,19 it
should be avoided. While intellectual property law is replete with specialized terminology having
a technical meaning or even common words used in a technical manner,20 the ambiguity in the
word “free” militates in favor of adopting a different term at least for the purposes of legal
analysis.21

2.2 What is an “open source” license?
It may seem somewhat ironic that open software is distributed under the terms of some rather
strict licenses. Certainly, the complexity of open source licenses is no less than that of
commercial software, and some governments that have allowed the use of GPL-licensed
software have noted this complexity and advised agencies using such software to consult their
legal counsel for interpretation of open source licenses.22 In fact, the use of licenses reflects a
conscious decision by open-source software developers to preserve and protect not just software
but the political decisions inherent in the development of “open-source” software, and to do so in
the context of traditional legal vehicles. Under both the civil and the common law, licenses are
used to effect a grant of rights from a rightsholder to another person. They are contracts like any
other, and they are intended to have the effects of contracts.23 In particular, open source licenses
purport to control not just the use to which users can put open-source software, but also the use
that such people may make of the source code provided along with the software.
The OSI sets forth a series of 10 criteria for it to consider a license to be “open source”:24


     Rajani’s article is very long and does not have section numbers, making it difficult to cite to sections with any
     accuracy.
19
     Although many do not: see e.g. the OSI’s decision to adopt the term “open source” to avoid the “confrontational
     attitude” that many proponents of the term “free” have had. Open Source Institute, History of the OSI
     (www.opensource.org/docs/history.php).
20
     Such as fair use, which has a specific technical meaning to lawyers as a defence to copyright infringement
     claims but which to the average member of the public means something more broad, such as “I’m being
     reasonable in how I’m using this copyrighted information”. See Kaser, supra note 14.
21
     At least, different terms should be used unless and until the word “free” is commonly-used and understood in
     the sense of “without restriction” when discussing software. At present, using the word “free” in the context of
     software carries a rehabilitative implication not dissimilar to the attempt to rehabilitate the word “hacker” by
     dissociating it from criminal activity; for more on this other attempt, see RAJANI, supra note 18. While words in
     English can and do change their primary meanings and lose their political overtones (one obvious example is
     the word “gay”, which no longer carries its prior primary meaning of “happy” although it can still be used in
     that sense), the term “free” in conjunction with software has not reached that point.
22
     For example, the US Department of Defense has taken the position that “[as open source] licensing provisions
     may be complex, the DoD Components are strongly encouraged to consult their legal counsel to ensure that the
     legal implications of the particular license are fully understood.” See memo from John P. Stenbit, Chief
     Information Officer, Department of Defense, May 28, 2003 (www.egovos.org/pdf/OSSinDoD.pdf).
23
     See e.g. LAWRENCE LESSIG, CODE AND OTHER LAWS OF CYBERSPACE 105 (1999) where he describes the GPL
     as “a contract that sets the terms that control the future use of much open source software”.
24
     These criteria (referred to in this essay as the “OSI’s 10 Principles”) are set forth in more detail and with an
     explanation of the principles and rationales behind thereby the OSI on its website. See OSI supra note 13. The
     OSI’s 10 Principles are derived from the Debian Free Software Guidelines. See OSI supra note 19.

MONTREA:104568.3 200310061100
0080444
                                                         -8-


1. Free Redistribution: The license must not restrict any person from selling or giving away
   the software.25
2. Source Code: The program must be distributed with source code or with a well-publicized
   means for obtaining the source code, and must allow distribution in source code and
   compiled form.
3. Derived Works: The license must allow for users to modify and derive their own works
   from the original work, and to distribute their works under the same terms as the original
   license.26
4. Integrity of the Author’s Source Code: The license may permit authors to prohibit
   downstream works so long as the license allows for downstream users to create “patch files”
   that will integrate into the upstream work to create the new work,27 and may permit upstream
   programmers to require that downstream versions will carry a new name or version number.
5. Non-discrimination (personal criteria): The license must not prohibit distribution of the
   software to a person or group based upon discriminatory criteria, even where the jurisdiction
   in which the software is created may have laws prohibiting such distribution (e.g. U.S. export
   control laws that prohibit distribution of certain products to countries such as North Korea,
   Iran, and Cuba).
6. Non-discrimination (usage criteria): The license must not prohibit use of the software for a
   particular purpose (e.g. the license may not prohibit use of the software by a company).
7. Self-contained licenses: The license must contain all the conditions of use of the software
   (e.g. no non-disclosure agreements may be required for use or obtaining the software).
8. Product-neutral licenses: The license may not require the software to be distributed with
   other products or software.
9. Non-restrictive licenses: The license may not set restrictions on the other software that is
   distributed with the software (e.g. by requiring that all other software distributed on the same
   medium be open source).
10. Technology-neutral licenses: The license may not be predicated upon the use of any
    particular technology or style of interface.



25
     Contrary to popular opinion, an open source license, even one that meets the OSI’s 10 Principles, does not
     require that the software be distributed free of charge. Many companies have developed OSI-approved open
     source licenses that involve the product’s being sold for a profit. See e.g. IBM’s Public Source License version
     1.0 (www.opensource.org/licenses/ibmpl.php).
26
     In keeping with software industry nomenclature, such works are referred to in this essay as “downstream”
     works and the work from which they are derived is called the “upstream” work. This avoids the use of the term
     of art “derivative”, which has a technical meaning in US copyright law that may not be applicable or applicable
     in the same way outside the United States.
27
     For people who do not code software, this may be a difficult concept to understand: think of a jurisdiction
     where it is unlawful to sell a mixed drink, but not to sell a glass of orange juice and a shot of vodka for mixing
     by the customer. The upstream provider furnishes a program that cannot be distributed in a mixed form by a
     downstream programmer, but must allow the downstream programmer to provide both the original program and
     the additional element to be added to make the new mixed program.

MONTREA:104568.3 200310061100
0080444
                                                             -9-


On its website, the OSI provides links to and copies of 47 different licenses that it has declared to
be consistent with these 10 Principles,28 and it has developed a certification mark to be used to
accompany products whose licenses are consistent with the OSI’s 10 Principles.29 In addition, a
developer who wishes to create a new open source license consistent with the OSI’s 10
Principles and receive the OSI’s certification mark may do so by submitting that license to the
OSI for comment and approval.30

2.3 The GPL: An extreme (?) example of an open source license
Of these open source licenses, the GPL is arguably one of the most controversial and is certainly
one of the most political. In its Preamble, the GPL sets forth that it is far more than simply a
means of stipulating the usage rights of a downstream user of software. According to the GPL,
“[t]he licenses for most software are designed to take away your freedom to share and change it.
By contrast, the GNU General Public License is intended to guarantee your freedom to share and
change free software--to make sure the software is free for all its users.”31 And by “free” the GPL
would mean both senses of the word: without restriction and without cost. One of the aims of the
GPL is to push for-profit software out of the marketplace.32
The GPL also contains provisions that go beyond the OSI’s 10 Principles. For example, the GPL
not only clearly disclaims any warranty for the software,33 but it may prohibit anyone from
offering a warranty for GPL-licensed software;34 this disclaimer may create issues in non-U.S.
legal systems where warranties in the consumer goods context cannot be waived even by
consent.35
However, the most controversial element of the GPL is what has been described by some people
as its “viral” nature: any program based upon a program to which the GPL applies becomes itself

28
     Open Source Institute, Open Source Licenses (www.opensource.org/licenses/index.html). The 43rd-47th licenses
     were added on September 3, 2003.
29
     OSI, supra note 8.
30
     Id.
31
     GPL, supra note 12, Preamble. See also LGPL, supra note 12, Preamble, which contains a similar stipulation
     changed for the context of the LGPL.
32
     David S. Evans, Politics and Programming: Government preferences for Promoting Open Source Software,
     HAHN, ED. 34, 39.
33
     GPL, supra note 12, Preamble and sections 11-12; LGPL, supra note 12, Preamble and sections 15-16 contain
     identical text. So as not to single out the GPL and the LGPL for unfair criticism, it should be noted that many
     open source licenses contain similar language purporting to waive warranties that are unwaivable in many
     jurisdictions: see section 4.1 of this paper for more on this point.
34
     GPL, supra note 12. While section 1 of the GPL states that a person “may at [their] option offer warranty
     protection in exchange for a fee” and section 12 of the GPL states that “in no event unless required by
     applicable law or agreed to in writing will any copyright holder, or any other party who may modify and/or
     redistribute the program as permitted above, be liable to [the user] for damages”, the Preamble to the GPL states
     to the contrary that “we want to make certain that everyone understands that there is no warranty for this free
     software”. See also the section of the GPL entitled “How to Apply these Terms to Your New Programs”, which
     suggests the use of the command “show w” to call up section 12 of the GPL.
35
     See section 4.1 of this paper for more on this point.

MONTREA:104568.3 200310061100
0080444
                                                        - 10 -


subject to the GPL, whether the author wants it to be or not.36 While the GPL does not purport to
affect upstream code, it does purport to place severe criteria upon downstream use of GPL-
licensed code, and it would probably not be overstating the case to say that the viral nature of the
GPL strikes fear into the hearts of restricted-source software developers.37 If a programmer
working for a restricted-source software development company creates a module or section of a
program using code derived from a GPL-licensed program, not only does that portion of the
program remain GPL-licensed (requiring the company to distribute the source code for that
module or section), but under the terms of the GPL the entire program becomes open source as a
result of the decision to use the GPL-licensed code.38 That is, use of GPL-licensed code in a
small portion of a program results in the whole program’s being subject to the GPL.39 This goes
far beyond the OSI’s requirements for open-source software, under which the license must allow
modifications to be distributed on the basis of the original license; the GPL requires that
modifications must be distributed in accordance with the GPL.40
While it is questionable as to whether there is anyone with standing to enforce the GPL
especially outside of the United States,41 this “viral” nature of the license and the uncertainty
surrounding that status has caused restricted-source software producers to take notice of the GPL
and to be concerned that it will cause their proprietary technologies to become open source in all
senses of that term.42 Even under the OSI’s 10 Principles, it is not a requirement of open source
36
     GPL, supra note 12, section 6. This is a direct consequence of the GPL’s applying not just to the program itself
     but also to “any derivative work under copyright law” (Id. section 0).
37
     See e.g. Craig Mundie, The Commercial Software Model
     (www.microsoft.com/resources/sharedsource/Initiative/speeches/mundie.mspx) where Craig Mundie,
     Microsoft’s CTO, called the viral nature of the GPL “a threat to the intellectual property of any organization
     making use of it.”
38
     See GPL, supra note 12, section 5 for this principle: “by modifying or distributing the Program (or any work
     based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions
     for copying, distributing or modifying the Program or works based on it.”
39
     Moreover, the FSF has recognized the possibility that a programmer may wish to create a software library that
     is open source but that can also be used by restricted-source programs without rendering those programs open
     source (in order that the software library may become a de facto industry standard). To deal with this situation,
     the FSF created the LGPL, which it describes as a hybrid between the GPL and the BSD licenses. The LGPL
     specifically allows restricted-source programs to link to an LGPL-licensed library and to rely upon that library
     in its operation without itself becoming open source (at section 5 of the LGPL). That is, programs upstream
     from the LGPL-licensed library are not themselves made subject to the LGPL. However, programs downstream
     from the LGPL-licensed library are subject to it.
40
     RAJANI, supra note 18.
41
     Again in the interest of avoiding an unfair emphasis on the GPL, it should be immediately noted that the same
     issue arises with most if not all other open source licenses.
42
     Interestingly, open source and the GPL have not been so threatening to software companies that they are afraid
     to pay money to acquire open source and even GPL-licensed products. Microsoft’s first TCP/IP stack was a
     BSD-licensed, open source implementation (although this has since been replaced by a restricted-source
     alternative developed by Microsoft), its Hotmail® service has several servers in the stack running on FreeBSD,
     and its Services for UNIX package includes both restricted-source and over 200 open-source tools, including
     some governed by the GPL. Jason Matusow, Is This the Right Room for an Argument?
     (www.microsoft.com/resources/sharedsource/Initiative/speeches/OReilly.mspx). Note also that where Microsoft
     has changed the code for its GPL-licensed products, it has been scrupulous about releasing those changes to the
     community.

MONTREA:104568.3 200310061100
0080444
                                                          - 11 -


that the license be applied to downstream works.43 The choice by FSF to require downstream
works to be open source may have serious implications in the use of GPL-licensed software by
governments.44

2.4   “Shared source” and the “Government Security Program” – are these
      proprietary forms of “open source”?
While many members of the open-source movement would contend that open source “is not an
attack directed at specific companies,”45 it is impossible upon reading even random headlines to
contend that the open-source community has defined itself in opposition to a perceived common
foe: Microsoft.46 Far and away the largest restricted-source software company in the world,
Microsoft has recently moved slightly away from its prior perceived position, having chosen to
become a provided-source company for certain product lines under certain conditions.
Under its “Shared Source” program, first announced on May 3, 2001,47 Microsoft agreed to make
the source code for many of its Windows operating systems available to various communities.
As of July 2003, 14 different Shared Source license packages provide access to the source code
for up to 9 different Microsoft programs, including some of the most widely-used Microsoft
commercial software.48 All 14 of these license packages provide the licensee with the right to
access the source code, with most providing the right to debug, and some providing the right to
modify the source code for personal use, distribute the modified source code, and even
commercialize that modified code.49 One of these licenses, the Government Security program, is
targeted directly at governments and their need to “evaluate the security” of Microsoft software.50
At first glance, a license providing the right to access source code, modify it, and commercialize
those modifications would meet if not exceed the minimalist definition of “open source”, namely


43
      For example, the BSD license does not require that downstream works be open source, simply that a person
      who produces a downstream work must provide all the code to the downstream user that they received from the
      upstream source. See BSD license (www.opensource.org/licenses/bsd-license.php); the BSD license has been
      certified by the OSI as being compliant with the OSI’s 10 Principles.
44
      Explored in more detail in section 4.1 of this paper.
45
      Georg C. F. Greve, Free Software in Europe: European perspectives and work of the Free Software Foundation
      Europe (fsfeurope.org/documents/eur5greve.html).
46
      See e.g. Clay Shirky, A Group Is Its Own Worst Enemy (2003) (shirky.com/writings/group_enemy.html).
47
      Mundie, supra note 37.
48
      These licenses provide access to all versions, beta releases and service packs for Microsoft Windows 2000,
      Windows XP, Windows Server™ 2003, Windows CE, Windows CE.NET, C#/JScript/CLI Implementations,
      ASP.NET Samples, .NET Passport Manager, and Visual Studio .NET Academic Tools. See Microsoft,
      Microsoft Shared Source Initiative Overview
      (www.microsoft.com/resources/sharedsource/Initiative/Initiative.mspx).
49
      More information about the various rights provided by the various Shared Source licenses is available at
      Microsoft, Shared Source Licensing Programs
      (www.microsoft.com/resources/sharedsource/Licensing/default.mspx), with a table distinguishing their essential
      elements at Microsoft, supra note 48.
50
      Microsoft, supra note 49

MONTREA:104568.3 200310061100
0080444
                                                         - 12 -


that the source code be open to review by users of the software. But neither Microsoft51 nor the
open-source movement52 sees Shared Source as in any way equivalent to open source.
Putting aside complaints that basically amount to a claim that Shared Source is unfair to
developers because Microsoft receives a benefit from it as well as the argument that Shared
Source is just as “viral” as the GPL,53 there are two comments about Shared Source that are
relevant to use of Shared Source at the government level.54
The first comment derives from issues that Microsoft itself makes clear in the terms of Shared
Source licenses: they are limited by country. Shared Source licenses are not offered at all to
“Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria, which are subject to US trade
embargoes”.55 Even this minimal restriction runs contrary to the OSI’s 10 Principles, which
require that open source software be made available to any person in any country.56 But beyond
this minimal restriction, certain of the Shared Source licenses are only made available in a
specific “white list” of countries.57 As of July 2003, residents of India wishing to join the OEM
Source Licensing Program would be told that they could not; this Shared Source license was not
made available to them. This may reflect a business decision by Microsoft, but it also reflects a
reality that for many countries, Shared Source is not presently and may never be an option for
software development.
The list of those governments to which Microsoft’s Government Security Program is made
available is not even published but must be obtained by sending an email to Microsoft to request



51
     See e.g. Mundie, supra note 37: “Shared Source is not Open Source.”
52
     Wheeler, supra note 5.
53
     See e.g. Open Source Institute, Shared Source: A Dangerous Virus
     (www.opensource.org/advocacy/shared_source.php).
54
     There is a third aspect of Shared Source that may make it a difficult option for some governments, namely the
     requirement that the government in question be a significant customer of Microsoft products. For example, one
     of the eligibility requirements for any customer’s admission to the Enterprise Source Licensing Program is that
     the customer maintain 1,500 Windows seats (Windows 2000 or above) under either an Enterprise Agreement or
     a Select Agreement with Upgrade Advantage or Software Assurance; this may be a significant outlay for some
     government ministries or even for governments. Microsoft, Enterprise Source Licensing Program,
     (www.microsoft.com/resources/sharedsource/Licensing/Enterprise.mspx).
55
     Microsoft, Shared Source Licensing Programs Availability by Country
     (www.microsoft.com/resources/sharedsource/Licensing/Availability.mspx).
56
     Namely Principle 5. See section 2.2 of this paper. Note that all Americans are subject to these trade restrictions,
     not just Microsoft; it is just that many Americans decline to abide by them or have assessed the risk of
     discovery and prosecution as low. They are, however, raised in the SCO v. IBM lawsuit, where SCO notes that
     the potential presence of portions of UNIX code in Linux would be an attempt to circumvent US export control
     restrictions. See paragraph 116 of SCO’s Amended Complaint and section 4.1.2 of this paper.
57
     For example, the Enterprise and Systems Integrator Source Licensing Programs, and the Windows CE Shared
     Source Premium Derivatives and Windows CE Shared Source Premium Derivatives Distribution Licensing
     Programs were as of July 2003 only available in Australia, Austria, Belgium, Brazil, Bulgaria, Canada, the
     Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, the
     Netherlands, New Zealand, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland, the United
     Kingdom, and the United States. See Microsoft, supra note 55.

MONTREA:104568.3 200310061100
0080444
                                                         - 13 -


the information.58 Governments that have not been approved by Microsoft will not be provided
any Microsoft source code, and they will find another alternative. But even those governments
that are approved for the Government Security Program receive only “the information and source
code access needed to evaluate the security of the Microsoft Windows platform”,59 which would
imply that the source code access provided is less than other licenses.60
The second issue arising from Shared Source licensing goes to the contention that modified code
cannot be released without a license from Microsoft. The idea that licenses are required from a
company to use and modify its products is not surprising in a commercial context, as it is how
restricted-source software remains restricted source. Nonetheless and while some Shared Source
licenses do provide for modification and non-commercial distribution and others allow for
commercial distribution of modified source code, the idea that permission from an American
company is required for a government to distribute programs that the government has itself
developed may be unpalatable in some countries. Governments that do not appreciate a
requirement to seek permission from any company, let alone an American one, may find open
source to be an attractive alternative.61

3. Overview of open-source software use by governments
Having reviewed in some detail the nature of open-source software licensing and provided some
meaningful distinction between “open source” and its alternatives, it is now time to consider the
issues arising from the use of open source by governments outside of the United States.62
Many of these issues have been previously flagged by other commentators as either being
impediments to the adoption of open-source software by governments or reasons that open-
source software should be adopted by governments (sometimes the same criterion is even
invoked as both an impediment and an incentive). What this paper will demonstrate is that many
of the legal issues that arise in the use of open-source software by governments are similar to
those confronted by governments outside the open-source context; in fact, these are issues that
arise with governments as soon as they confront the decision to start using any form of
information technology. Deciding between open-source, provided-source, or restricted-source is,
in many instances, a red herring. However, some issues, including some that are specific to open
source, can have significant impacts on legislation and government decision-making.

58
     Id. Microsoft claims that the program is available to “more than 60 countries with intellectual property regimes
     that meet international standards”; see Microsoft, Government Security Program
     (www.microsoft.com/resources/sharedsource/Licensing/GSP.mspx). As of February 2003, Russia, China, the
     UK, and NATO were known to be approved; see Inquirer Staff, Microsoft opens Windows source in China,
     THE INQUIRER, February 28, 2003 (www.theinquirer.net/?article=8047).
59
     Microsoft, supra note 49.
60
     Interestingly, the Government Security Program appears to be the only Shared Source license that only allows
     viewing the source code without providing rights to debug the code. Microsoft, supra note 48.
61
     See section 4.1 of this paper for more on this issue.
62
     This paper does not review purely private sector use of open-source software, although government regulation
     of certain industries and permission to use open-source software in those sectors can be considered as
     government action and will be discussed as appropriate. For such a discussion, see RAJANI, supra note 18. Note:
     the present paper is based upon research as of July 2002; open source is a very fast-moving area of both law and
     business and no representation is made for currency of research (or even links) after that date.

MONTREA:104568.3 200310061100
0080444
                                                      - 14 -


At the organizational level, conferences promoting the use of open-source software by
governments and the private sector in developing countries have been held in recent years in
Malaysia (to promote open source use in Afghanistan),63 Trinidad and Tobago,64 the Dominican
Republic,65 the Middle East (Bahrain, Kuwait, and Oman),66 and Vietnam.67
Some governments have gone a step further than just conferences. MIMOS Berhad, an advisor to
the Malaysian government, has launched the Asian Open Source Centre, or AsiaOSC, a
centralized registry of information about open source activities in Asia. Their website provides
an excellent resource to identify groups and projects ongoing in the region, country by country. 68
In addition, non-governmental organizations (“NGOs”) in many countries have partnered with
universities to investigate and promote open source, including in Argentina,69 Australia,70
Bolivia,71 and Uganda.72 On a regional scale, some NGOs unite efforts in many countries or even
continent-wide, including the Free and Open Source Foundation for Africa (FOSSFA),73 the
Open Source Foundation for Africa.74 And of course there are Linux and open source users’
groups in nearly every country.

3.1 Africa
Africa’s use of open source software, or any software at all, is typically concentrated in the larger
metropolitan areas, and use and adoption of open source solutions is in many ways contingent
upon development of a reasonable communications and information technology infrastructure.
However, there are several projects ongoing in various countries.75 Bridges.org, a non-profit




63
     Asia Open Source Centre, Afghanistan (www.asiaosc.org/enwiki/page/afghanistan.html).
64
     Taran Rampersad, The Trinidad and Tobago Linux Users Group and the FLOS Caribbean Conference, LINUX
     JOURNAL, June 26, 2003 (www.linuxjournal.com).
65
     CESAR BROD, FREE SOFTWARE IN LATIN AMERICA (2003) (www.maailma.kaapeli.fi/lamaerica.html).
66
     Anne-Birte Stensgaard, Linux unstoppable in Middle East says IBM, AMEINFO, June 22, 2003 (2003, June 22)
     (www.ameinfo.com/news/detailed/25361.html).
67
     Asia Open Source Centre, Vietnam (www.asiaosc.org/enwiki/page/Vietnam.html).
68
     Asia Open Source Centre, ProjectInfo: About AsiaOSC (www.asiaosc.org/article_7.html).
69
     BROD, supra note 65.
70
     Asia Open Source Centre, Australia (www.asiaosc.org/enwiki/page/australia.html).
71
     BROD, supra note 65.
72
     Victor van Reijswoud, Open Source Software – the Alternative for Africa (n.d.) 5 (www.opensource.org).
73
     FOSSFA, Renaissance for Liberating Africa (June 2003) (fossfa.org).
74
     Id. See also van Reijswoud, supra note 72 at 5, who traces the origin of OSFA to a workshop in Addis Ababa,
     Ethiopia.
75
     NICO COETZEE, FREE AND OPEN SOURCE SOFTWARE IN AFRICA (2002). (www.maailma.kaapeli.fi/africa.html).

MONTREA:104568.3 200310061100
0080444
                                                         - 15 -


organization based in Cape Town, South Africa, began a study in 2002 comparing the use of
open-source and restricted-source software in Africa that should be complete by late 2004.76
The most significant government adoption of open source in Africa has been by South Africa,
and secondarily Nigeria.77 In May 2003, the South African cabinet of ministers approved the
Government Open Source Software strategy, adopted with an eye to cost savings, which
recommends that the government implement open source software in cases where it is an
appropriate option and proposes that open source policies be integrated more widely with e-
government policy, IT strategies, and the communications sector.78 In addition, the South African
Government Information Technology Officers Council has set a policy to prefer open source
applications when proprietary alternative do not offer a compelling advantage.79

3.2 The Americas
For a time and perhaps in response to reports that it would owe about $30 million USD to
acquire licenses for all of its illegally-obtained restricted-source software,80 Peru was considering
a law that would have made it one of the vanguard states in adopting open source. Under this
law, government agencies would have been required (not “encouraged” or “recommended”) to
use open source software. While this bill was eventually not passed, 81 it does represent one of the
strongest legislative positions in favor of open source that has ever been proposed.
The GNOME project, originally conceived in Mexico, provides a user-friendly desktop and set
of tools in developing GUI applications, both for the GNU/Linux operating system. A project
entitled Red Escolar Libre did not fare as well, designed to provide low cost support to Mexican
schools; today the project is essentially dead due to unforeseen implementation and support
costs.82
Brazil presently has a number of open source software projects and initiatives ongoing, and, after
Mexico, is the most active country in Latin America, though almost none has been exported
(perhaps because Brazil is the only Portuguese-speaking country in the area). However, the most
significant open source development in Brazil and possibly in all of the Americas would be the
decision in June 2003 by the Brazilian government that it would migrate 80% of all computers

76
     Philipp Schmidt and Shafika Isaacs, Comparison of Open Source and Proprietary Software in Africa 2002
     (www.techsoup.org/pop_printer_news.cfm?newsid=1149).
77
     John Yarney, South Africa, Nigeria move on Linux adoption INFOWORLD, July 8, 2003
     (www.infoworld.com/article/03/07/08/Hnafrolinux_1.html).
78
     Id. For commentary on this strategy, see the Center of Open Source and Government, The Center of Open
     Source & Government Endorses South African Open Source Strategy and Provides Policy Guidelines
     (www.egovos.org/southafricanstrategy.html). For a report from the government perspective, see National
     Advisory Council on Innovation, Open Software & Open Standards in South Africa: A Critical Issue for
     addressing the Digital Divide 2002 (www.naci.org.za/docs/opensource.html).
79
     Paul Festa, South Africa considers open source, CNET, February 5, 2003 (news.com.com/2100-1001-
     983315.html).
80
     Craig Mauro, Opening doors for open-source, SILICONVALLEY.COM, June 25, 2002 (www.siliconvalley.com).
81
     See section 4.1 of this paper for more discussion of this proposed bill.
82
     BROD, supra note 65.

MONTREA:104568.3 200310061100
0080444
                                                      - 16 -


used in state institutions and state-owned businesses from Microsoft to the Linux operating
system.83 This plus Brazil’s legislation requiring the use of open source in municipal
governments would make Brazil one of the most aggressive proponents of open source.84
Perhaps not surprisingly given its status as subject to US export control laws, Cuba has also been
active in adopting open source. For example, Cuba uses Linux as the operating system for
INFOMED, a telemedicine network of the Ministry of Public Health, developed in 1992 and was
the world’s first to offer nationwide coverage and use the Linux operating system. 85
Although one of the most significant software-developing countries in the world, Canada has not
adopted open source at the government level in any significant or even noteworthy way. 86

3.3 Asia
Some commentators have predicted that 2003 is likely to see a significant increase in open
source software projects and usage throughout Asia.87 At the operating system88 and software
development levels,89 some Asian countries have taken steps toward implementations of open-
source software that go beyond trial runs. In addition, some countries, most significantly China
and Japan, have made significant private sector investments in open source,90 possibly in order to
develop an industry that could use the size of the Asian market to wrest overall control of the
software sector from Microsoft and other American companies.91


83
     Gonzalo Porcel, The Brazilian Public Sector to Choose Free Software, PCLINUXONLINE, June 7, n.y.
     (www.pclinuxonline.com/modules.php?name=News&file=article&sid=6879).
84
     Stefano Comino and Fabio M. Manenti, Open Source vs Closed Source Software: Public Policies in the
     Software Market (2003) at 6 (econwpa.wustl.edu/eps/io/papers/0306/0306001.pdf).
85
     BROD, supra note 65.
86
     See e.g. Dee-Ann LeBlanc, Linux in Canada: Are We Going Open Source Yet?, LINUXPLANET, n.d.
     (www.linuxplanet.com/linuxplanet/reports/4325/1/).
87
     Robin Miller, 2003: the year of Asian Linux THE REGISTER, December 27, 2002
     (theregister.co.uk/content/4/28689.html).
88
     For example, South Korea’s HancomLinux signed a contract with Korea’s Central Procurement Office to
     supply the government with 120,000 copies of its Linux desktop office productivity software. FREDERICK
     NORONHA, LIBERATION TECHNOLOGY FOR THE LANDS OF DIVERSITY? FREE SOFTWARE IN ASIA (2003).
     (www.maailma.kaapeli.fi/asia.html).
89
     Japan has taken some steps to implement open source in its government, such as a Linux-based payroll system.
     Reuters, Japan Govt Opts for Linux for Payroll System, YAHOO! NEWS, July 8, 2003 (news.yahoo.com)
90
     Michael Singer, Transmeta Bolsters Overseas Connections, INTERNETNEWS.COM, June 13, 2003
     (www.internetnews.com/infra/print.php/2222101); RedFlag-Linux Staff, Oracle and Red Flag Software
     Company have established a strategic cooperative relationship in China, May 7, 2003 (www.redflag-
     linux.com/jujiao/enews_view.php?id=1000000016). See also NORONHA, supra note 88. While private sector
     developments would be beyond the scope of this paper and ordinarily would not draw comment here, they are
     noteworthy in this context so as not to understate the commitment of the Japanese and other Asian economies
     (which can often be proxies for their governments) to open source.
91
     Rob Enderle, Japan Strikes Against Microsoft with Open Source TECHNEWSWORLD, September 8 ,2003
     (www.technewsworld.com/perl/story/31522.html).

MONTREA:104568.3 200310061100
0080444
                                                     - 17 -


Perhaps surprisingly, Malaysia claims to be ahead of all other Asian countries aside from Japan
in the number of GNU/Linux server shipments, having committed itself to open source in
November 2002.92 The People’s Republic of China has taken many significant steps toward a
home-grown software industry based upon open-source software, the most recent of which
would be the recent announcement of the State Council of the People’s Republic of China that, at
the time of the next systems upgrade for all government ministries, the government will purchase
only hardware preinstalled with domestic operating systems and applications.93 In addition, there
have been significant steps made toward development of Chinese open-source-based software,
including public-private partnerships with American- and other foreign-owned companies.94
The governments of the Republic of China (Taiwan),95 India,96 and Pakistan97 have all started
programs to promote and even subsidize the use of open source in government systems, and as
noted the government of South Korea has bought 120,000 copies of Hancom Linux; this would
be sufficient to convert 23% of its installed base of Microsoft Windows users.98 In Singapore,
companies using Linux receive tax breaks.99
However, not all Asian countries have adopted open source solutions, and even some countries
without many other options have not looked to open source as a way to implement information
technology. Both Chinas (the People’s Republic100 and Taiwan101) are also part of Microsoft’s
Government Security Program. The government of Iran has not shown any signs of wanting to
implement open source software; since Iran is subject to export control laws, open source would
provide one way for the country to build a software developer infrastructure, but it has
apparently declined to follow this lead.102


92
      Charles Moreira, Malaysia backs open source CNET, December 8, 2002
      (asia.cnet.com/newstech/systems/0,39001153,39071821,00.htm). See also NORONHA, supra note 88.
93
      CNETAsia Staff Writers and Zhang Xiaonan, China blocks foreign software, CNET, August 18, 2003
      (news.com.com/2100-1012_3-5064978.html). See also NORONHA, supra note 88.
94
      Michael Singer, Transmeta Bolsters Overseas Connections, INTERNETNEWS.COM, June 13, 2003
      (www.internetnews.com/infra/print.php/2222101); RedFlag-Linux Staff, Oracle and Red Flag Software
      Company have established a strategic cooperative relationship in China, May 7, 2003 (www.redflag-
      linux.com/jujiao/enews_view.php?id=1000000016).
95
      Tiffany Kary, Taiwan opens arms to open source, CNET, June 4, 2002 (news.com.com/2100-1001-
      931765.html). See also NORONHA, supra note 88.
96
      David Becker, India Leader Advocates Open Source, CNET, May 29, 2003 (news.com.com/2100-1016_3-
      1011255.html).
97
      NORONHA, supra note 88.
98
      Wheeler, supra note 5.
99
      Comino and Manenti, supra note 84.
100
      Inquirer Staff, supra note 58.
101
      Winston Chai, Taiwan: Open-source pressure won MS price cut, CNET, March 3, 2003
      (news.zdnet.co.uk/story/0,,t269-s2131322,00.html).
102
      NORONHA, supra note 88.

MONTREA:104568.3 200310061100
0080444
                                                        - 18 -


3.4 Australia and New Zealand
Australia is relatively active in the use and adoption of open source software and the government
is actively creating legislation to promote open source usage. On September 17, 2003, the
opposition Democratic party served notice of an intention to introduce a private member’s bill
dealing with “open standards” and requiring that the government “consider the procurement” of
open source and avoid the purchase of a proprietary system.103
The Government of Australia made it clear in 2002 that it supported the trial and implementation
of open-source software as long as it met the “fit-for-purpose and value-for-money” criteria.104 A
bill on the use of Open Source Software was put before the house in 2003 that outlined the
benefits of open-source software and contrasted them with perceived disadvantages to restricted-
source software; the Initiative for Software Choice (ISC) urged the government to drop the bill
on the grounds that the bill would limit software choices for Australia’s government.105 Perhaps
in response to this, an open source bill has been proposed for the state of South Australia, New
South Wales, and the Australian Capital Territory.106

3.5 Europe
At the EU level, open-source software is an actively-considered option. In 2002, the European
Commission awarded €250,000 to a consulting firm to develop guidelines and define EU
strategy with the adoption and use of open source software for desktop computing. 107 The EU has
also undertaken several initiatives and studies to evaluate and plan for the use of open-source
software.108
In almost every country in the EU, the use of open source software is on the government agenda,
but the most active country would have to be Germany. For example, in Germany, 12% of all
public sector desktops use open source software,109 and the Bundestag has mandated that all
public administration servers run Linux.110 Its federal Ministry of the Interior has produced a


103
      Simon Hayes, Democrats move open source bill, AUSTRALIANIT, September 17, 2003
      (http://australianit.news.com.au/articles/0,7204,7293078%5E15319%5E%5Enbv%5E15306,00.html).
104
      ZDNet Staff, Australian govt green-lights open source, ZDNET, November 11, 2002
      (www.zdnet.com.au/newstech/os/story/0,2000048630,20269838,00.htm).
105
      Sam Varghese, South Australia urged to drop bill on Open Source software, THE AGE, June 16, 2003
      (www.theage.com.au/articles/2003/06/16/1055615720403.html).
106
      Hayes, supra note 103. See also Simon Hayes, Open source laws likely for SA, AUSTRALIANIT, June 25, 2003
      (australianit.news.co.au).
107
      John Leydan, Brussels to spend €250k on Linux migration study, THE REGISTER, October 30, 2002
      (www.theregister.co.uk/content/archive/27853.html).
108
      See e.g. International Institute of Infonomics (University of Maastricht) and Berlecon Research, Free/Libre and
      Open Source Software: Survey and Study, June 2002 (floss.infonomics.nl/report/index.htm). See also RAJANI,
      supra note 18.
109
      Patrick Thibideau, EU embraces open source, COMPUTERWORLD, March 2003
      (www.computerworld.com/printthis/2003/0,4814,79361,00.html).
110
      Comino and Manenti, supra note 84 at 6.

MONTREA:104568.3 200310061100
0080444
                                                        - 19 -


publication entitled Standards and Architectures for e-Government Applications,111 which details
the standards that should be considered by German government ministries in implementing e-
government. Aimed at decision-makers in organization and information technology in German
administrations, SAGA provides heuristics to aid government in deciding what technological
standards to adopt. These heuristics are based upon 3 criteria: acceptable programs primarily use
a browser as their front end, they forego active content as much as possible so that users are not
required to reduce their security settings, and they do not store program parts or data on the
user’s computer in order to preserve privacy and security (e.g. they do not rely upon permanent
cookies).112 SAGA also provides a list of standards in certain areas of information technology.
The standards are either “mandatory” (when the standard is tried and tested and represents a
preferred solution, and there can be competing mandatory standards if they have clearly different
functionalities or core applications), “recommended” (when they are tried and tested but
consensus to adopt them has not been reached), or “under observation (when they are in line with
current trends but not yet mature or of unproven value).113
While SAGA is obviously not a full solution for open source,114 it is instructive to note that its
criteria when applied are source-neutral. For text documents, SAGA authorizes 4 file types as
“mandatory”: ASCII text (.txt), HTML, MIME, and PDF version 4, with XML “recommended”
and PDF version 5 “under observation”.115 PDF documents are created for use with Adobe
Acrobat Reader, a restricted-source technology,116 HTML documents can be created by any text
editor and read using restricted-source or open-source software, and ASCII text documents can
be created and read in any environment. Similarly, spreadsheets have 2 “mandatory” file types:
comma-separated value (.csv) and PDF version 4, with PDF version 5 “under observation”.117
Other European governments using open-source software in government and promoting its use
both inside government and outside include France,118 the Netherlands,119 and Italy; Italy and
France have also discussed legislation mandating open source.120 In public and parapublic
institutions, open source software is also readily available and used. In Denmark, Sun


111
      Bundesministerium des Innern, SAGA (Standards and Architectures for e-Government Applications) (2003)
      (www.kbst.bund.de/Anlage302807/SAGA+Version+1.1++English+(445.kB).pdf).
112
      Id. at page 8.
113
      Id. at page 17.
114
      For example, SAGA is silent as to the operating system and basic office applications suite that should be used
      on government computers.
115
      Id. at page 32.
116
      Although PDF file creation is available outside the Adobe Acrobat suite: OpenOffice 1.1 (on which portions of
      this paper were written) has a feature allowing for the creation of PDF files.
117
      Id. at page 33.
118
      RAJANI, supra note 18.
119
      IT Analysis, Linux in Europe, THE REGISTER, June 16, 2003 (www.theregister.co.uk/content/4/31207.html).
120
      Camino and Manenti, supra note 84 at 6. See also Register staff, Linux in Europe, THE REGISTER, June 16, 2003
      (www.theregister.co.uk/content/4/31207.html).

MONTREA:104568.3 200310061100
0080444
                                                          - 20 -


Microsystems has made a deal to provide StarOffice software to all school pupils and teachers.121
In addition, many European governments have committed funding to the development of open-
source software, with Germany again in the lead.122
Outside the EU, open source is just as actively-used: as befits the home of Linus Torvalds, the
creator of the Linux kernel, the Finnish State Administration is considering the replacement of
Windows with Linux on 147,000 computers.123
Again, not all countries in Europe have adopted open source, and some seem to have decided to
cast their lot with Microsoft and Shared Source. For example, Russia has very little open source
activity underway, and it is a member of Microsoft’s Government Security Program. 124 And in
the UK each agency chooses its own software, although the Cabinet Office has provided a policy
allowing use of open source.125

4. Implications of open source for governments
So far, this paper has addressed the use of open-source software as though there was a clear
dichotomy: buy restricted-source software or acquire open-source software. In fact, there is a de
facto “third way” – don’t buy restricted-source software, just copy and use it illegally. In 2000,
97% of all software used in Vietnam was used in violation of copyright and patent laws; this was
the highest percentage in the world, followed by 94% for the People’s Republic of China.126
While this approach may have worked in the past, as more and more governments bring their
countries into the international economy where intellectual property rights are protected
stringently, pirated software will become less and less acceptable both for private firms and
especially for governments.
As has been noted above, open source is not just a means of providing software but an entire
constellation of ideas. Some of these ideas may not mesh well with some ideologies, but the
ideological differences between governments do not seem to have impacted upon a government’s
decision to adopt or reject open-source software; that is, open source use does not seem to be
correlated to any type of government.
The rest of this paper will analyze the interplay between legislation and legislative decision-
making and open-source software use, and demonstrate that a commitment by a government to


121
      RAJANI, supra note 18.
122
      Stephen Shankland, Germany-Funded Linux software arriving, CNET, January 30, 2003 (news.com/2100-
      1001-982816.html).
123
      RAJANI, supra note 18.
124
      Associated Press, Microsoft Shares Code with Russia, WIRED NEWS, January 20, 2003
      (www.wired.com/news/infostructure/0,1377,57299,00.html).
125
      Office of the e-Envoy, Open Source Software – Use Within UK Government: Version 1 2002 (www.e-
      envoy.gov.uk/assetRoot/04/00/21/60/04002160.rtf).
126
      RAJANI, supra note 18.For this reason, any figure stating the penetration of Microsoft Windows into a country
      should be suspect, unless it is clearly noted as stating only the penetration of licensed, purchased copies;
      similarly, figures indicating Linux installations will often not account for multiple installations, which are of
      course legal. Wheeler, supra note 5.

MONTREA:104568.3 200310061100
0080444
                                                        - 21 -


the use of open-source software entails various other financial and ideological commitments for
which many governments may not be prepared.

4.1 Licensing and its limits: the hidden hand of US law
In order to understand the implications of open source outside the United States, it is important
to set forth the manner in which US law and legal concepts inform open source. Many aspects of
open-source licenses such as the GPL are predicated on US law or US legal concepts, and
outside such concepts the GPL and other open-source licenses may not be easily understood.
Moreover, and although open-source software is intended to be designed by programmers acting
in concert throughout the world and sent to users around the world, these programmers and users
are physically located in a particular area in the world, and it may be the case that these
programmers are being asked to waive rights that are unwaivable in their local jurisdiction.
Finally, many open-source licenses include waivers of liability and other conditions that are
inapplicable in certain jurisdictions. Some commentators have noted these waivers as
inapplicable in their local jurisdiction and that open-source licenses may therefore be
unenforceable. This may be true, although there would not appear to have been any instances
outside where courts outside the USA have been called upon to interpret these licenses. It may
also be true that a closer analysis of the arguments that the GPL and other open-source licenses
may be unenforceable demonstrate differences between US law and other laws dealing with
adhesion contracts. In fact, the argument over whether the GPL is enforceable outside the USA is
just one instance of a broader argument over the enforceability of adhesion contracts in general
under non-American legal systems.

4.1.1 Enforceability of licenses based in US law outside the USA
A general discussion of the differences between US law and non-US law is well beyond the
scope of this paper. However, it is impossible to understand the interpretation given to licenses
such as the GPL without an understanding of the civil law notion of “public order” and the civil
law treatment of consumers as protected parties. There are two types of public order in the civil
law, one that can be waived by the protected party (called “directive public order”) and one that
cannot be waived (called “protective public order”). Unlike in the United States, where many
states allow for the waiver of some or all consumer protections (e.g. the warranties that
traditionally accompany a contract for sale of goods under UCC-2), civil law jurisdictions treat
consumer protection issues as notions of protective public order and take the position that any
waiver of the application of consumer protection legislation is null.127 In addition, many civil law
jurisdictions contain requirements that all adhesion contracts must be drafted in the local
language or else it is null.128 The effect of such nullity is that the contractual stipulations that
would purport to bind the consumer are deemed to be unwritten.
The impact of this different perspective in the context of open source is significant. As noted
above, the GPL contains many conditions governing the use of GPL-licensed software, one of

127
      For example, the Canadian province of Quebec, a civil law jurisdiction, contains the following statement at
      article 3117 Civil Code of Quebec: “The choice by the parties of the law applicable to a consumer contract does
      not result in depriving the consumer of the protection to which he is entitled under the mandatory provisions of
      the law of the country where he has his residence...”
128
      See e.g. Quebec’s Charter of the French Language, section 55, which holds that an adhesion contract that is not
      drafted in French is null.

MONTREA:104568.3 200310061100
0080444
                                                         - 22 -


which is a disclaimer of all warranties.129 That is, the GPL contains a clear statement that a
person who decides to use GPL-licensed software does so at their own risk and no warranty or
other promise is made to the user that the software will work in any way.130 In many jurisdictions,
especially in civil code jurisdictions, such waivers violate local law and are invalid. For example,
it is arguable that under German and European Union law, a waiver of liability under the GPL
that would purport to exonerate a codewriter from any liability for harmful consequences arising
from use of the software or for defects in the software would be invalid.131 This would raise the
question of whether a programmer who releases code under the GPL could nonetheless be held
responsible in the EU or in Germany for any defect in the code. Certainly, from the text of the
GPL, no such responsibility is possible, but the laws of Germany and the EU would deem that
waiver as non-written and would not enforce it. While the end result of this question would
become one of private international law,132 it should suffice to say that a programmer outside of
the USA who relies upon the limitation of liability clauses in open-source licenses would be
well-advised to consult local counsel.
However, there is nothing special about the GPL or any open-source license in this regard. Many
restricted-source products are distributed under licenses that purport to have similar restrictions
on liability. For example, Adobe Acrobat Reader 6.0, the most recent version of this popular
document-viewing software, contains no less than 13 different license statements, some of which
are for open-source components of the software but others of which are for restricted-source
components, and all of which purport to exclude warranties. If the GPL and other open-source
licenses are invalid or fraught with problems because of their attempt to exclude liability, so too
are restricted-source licenses such as those for Adobe Acrobat Reader.
It would therefore seem to be a red herring to complain that open-source licenses are invalid
because they purport to limit liability. If the application of civil law systems to such limitations
of liability makes them invalid, then many licenses for many products other than open-source
software are equally invalid. Moreover, most users of software want a system that works, not
someone to sue if it does not,133 so the question of limitation of liability does not arise. If the
system ceases working and the vendor refuses to fix it, it is simply replaced, and that vendor may
have limited its liability but it has also lost an upgrade path (and the associated sales) for the
indefinite future.
A deeper problem may be that the GPL and similar open-source licenses may be unenforceable
in many non-US jurisdictions. Some commentators on the GPL have expressed opinions that
arguments to the effect that the GPL may not be enforceable because there is no act of

129
      GPL, supra note 12, sections 11 and 12. See also section 2.3 of this paper.
130
      As in many contexts in this paper, the focus in this section on the GPL should not be understood as a particular
      critique of the GPL, as other open-source licenses have similar provisions and the reference to the GPL is for
      the sake of simplicity. See e.g. section 5 of the Apache Software License
      (www.opensource.org/licenses/apachepl.php).
131
      GERALD SPINDLER, RECHTSFRAGEN DER OPEN SOURCE SOFTWARE 104-06 (2003).
132
      The risk assessment of a judgment in Germany that would hold an American programmer of open-source
      software responsible for defects in their code can only be made in light of a determination as to whether a local
      US court would enforce that German judgment against the US-based programmer. Such a determination is
      beyond the scope of this paper.
133
      Wheeler, supra note 5, section 9.2.

MONTREA:104568.3 200310061100
0080444
                                                   - 23 -


acceptance of the license are nothing more than a misunderstanding or an attempt by restricted-
source providers to create fear, uncertainty, and doubt in the minds of users to discourage use of
open-source software in favor of restricted-source alternatives.134 To these commentators, since
the GPL does not require a user to accept a license at all unless that user decides to redistribute
the software or any part of it, and “because no one can ever redistribute without a license, we can
safely presume that anyone redistributing GPL’d software intended to accept the GPL.”135
In response, other commentators have noted that the GPL would not be binding upon someone
who does not understand it or by operation of law. It is a basic principle of all legal systems,
including in the US, that a person is not required to respect a document that they did not
understand. It would therefore be difficult to say that a programmer who cannot read English
would be bound by a license written in that language. The GPL and many other open source
licenses exist only in English. There are no translations of the OSI’s 10 Principles, as the OSI
found these principles “too difficult to translate accurately”.136 Moreover, they are contracts of
adhesion, being terms that are stipulated by one party and not subject to negotiation. As noted
above, many countries hold that contracts of adhesion must be written in the local language, and
that even if the person reading the contract can understand the foreign language fluently the
contract is not binding without an express consent to allowing the contract to be drafted in that
other language. The GPL notes in its Preamble, and rightly, that no one is forced to use GPL-
licensed software and that a user who does not like the terms of the license can simply refuse to
use the software and thereby avoid being bound. Many legal regimes would give a person
another option: the person may use the software as they choose without restriction, and since the
GPL is an adhesion contract and it was not presented to in the local language (e.g. German, for
Germany) the user is not bound by it.137
While a similar problem would exist for restricted-source licenses drafted in English, such
provisions would be less controversial in a restricted-source setting because there is no real
possibility of downstream programmers’ using restricted source code: they have no access to it.
In contrast, where source code is provided subject to a series of terms and conditions, and those
terms and conditions are unenforceable, the question arises as to what use the downstream
programmer may make of the source code; it may even fall into the public domain. As such, and
putting aside the state immunity issue,138 governments that use open source may be in a position
to do so with significantly more freedom than the US government.

4.1.2 The SCO litigation and its impact on open source in government
Finally, the use of open source outside the United States will never be completely divorced from
American realities. So long as there is law, there will be litigation, and that litigation can have
significant impacts on the use of open source outside the USA.



134
      See e.g. RAJANI, supra note 18.
135
      Id.
136
      See OSI, supra note 3.
137
      SPINDLER, supra note 131.
138
      About which see section 4.4 of this paper.

MONTREA:104568.3 200310061100
0080444
                                                         - 24 -


One of the attendant costs of using licensed software is verifying that all licenses are properly
licensed. With open source, this verification is often quite simple: users of most open source
software are able to do whatever they want with it at no charge, and even GPL-licensed software
users are only limited in their redistribution and not in their use of the software. With restricted-
source, it is often necessary to be able to trace each installation on each computer to a specific
purchase of a license; failure to be able to do so is a failure to be able to produce critical evidence
in the event of litigation from the restricted-source company. And American litigation is
expensive, probably the most expensive in the world. These audits, and the penalties for being
non-compliant, regularly run organizations and governments into hundreds of thousands of
dollars, to say nothing of the cost of lost employee time.139 The ability to avoid such audits is a
competitive advantage to Linux and other open-source software – where distribution is free of
charge, audits are mostly irrelevant – but recent litigation in the United States has raised the
specter of Linux audits.140
In June 2003, The SCO Group, Inc., a successor in interest to certain portions of Caldera,
launched a suit against IBM that goes to the heart of open source and its future development. In a
nutshell,141 through a series of acquisitions SCO claims to have acquired all right, title, and
interest in and to the UNIX, SCO OpenServer, and UnixWare source code; it licensed this source
code to IBM and, according to SCO’s claims, IBM has caused UNIX and UnixWare code to be
incorporated into Linux.142 According to SCO, IBM’s motivation for this conversion is its
attempt to gain dominance over other technology companies: IBM was in the process of
converting its business from a seller of licenses to a seller of consulting services, and it would be
uniquely able to gain first mover advantage in a Linux-dominated environment, allowing it to
“undermine and destroy the ability of any of its competitors to charge a fee for distribution of
UNIX software in the enterprise market.”143
SCO alleges six causes of action in its complaint: (Causes 1-3) breach of contract, (Cause 4)
unfair competition, (Cause 5) tortious interference with contractual relations, and (Cause 6)
misappropriation of trade secrets. The suit claims at least $4 billion USD in damages (including
exemplary damages),144 plus punitive damages and a permanent injunction. IBM replied with a

139
      See Wheeler, supra note 5, section 8.2.
140
      Audits are not inconceivable in the purely open-source context. Presumably, if the GPL carries with it a
      requirement to distribute source code and to license derivative works in accordance with the GPL, there is a
      notional exposure to an audit – by whom, though, is anyone’s guess.
141
      A full analysis of the SCO v. IBM litigation is beyond the scope of this paper and is in any event premature
      before judgment.
142
      SCO’s amended complaint is available online at www.caldera.com/ibmlawsuit/amendedcomplaintjune16.html.
      It is probably not surprising that IBM has denied all claims; SCO’s website also contains a PDF version of
      IBM’s defence, which PDF is defective and cannot be downloaded or printed although it can be read onscreen.
143
      SCO Amended Complaint, paragraph 88.
144
      Most news reports have described the amount claimed as $3 billion USD; see e.g. Matt Hines and Stephen
      Shankland, SCO pulls second IBM Unix license, CNET, August 13, 2003 (news.com.com/2100-1016_3-
      5063143.html). Cause 1 seeks damages of no less than $1 billion plus additional damages through and after
      trial. Causes 1 and 2 seek restitution of all benefits gained by IBM including the full amount of revenues earned
      by IBM from sales of AIX. Cause 3 seeks damages of no less than $1 billion plus additional damages through
      and after trial. Cause 4 seeks damages of no less than $1 billion plus additional damages through and after trial.
      Cause 5 seeks undefined damages. Causes 4 and 5 seek punitive damages. Cause 6 seeks undefined damages,
MONTREA:104568.3 200310061100
0080444
                                                         - 25 -


counterclaim seeking unspecified monetary damages and injunctive relief.145 While Causes 1-3
have serious import for the development of open source in general,146 the actual causes of action
raised in this litigation will probably not have much impact on government. However, for
governments that wish to use open source as a means to develop a local technology industry,
SCO v. IBM holds an important lesson.147
At first, there was concern that the SCO claim against IBM would be followed by suits against
Linux users for misappropriation of intellectual property.148 SCO even went so far as to send
letters to 1,500 IT managers at large corporations warning them that any use of Linux could
expose them to litigation.149 When SCO subsequently announced that it would not sue Linux
users for unlawful use of an allegedly licensed product,150 users of open source were spared this
potential exposure, but the threat from SCO puts the possibility for licensing disputes between
companies claiming that their intellectual property has been wrongfully converted into open
source in clear relief.151 Moreover, SCO’s recent threat to send invoices to Linux users would
mean that the question of whether users must pay for Linux is not yet resolved.152 While a few
companies (including Microsoft) have paid SCO for Linux licenses,153 the question of who would


      trebled because of intentional conduct. All this, plus costs and attorney’s fees and pre- and post-judgment
      interest.
145
      See Stephen Shankland, Big Blue files counterclaims against SCO, CNET, August 7, 2003
      (news.com.com/2100-1016-5060965.html?tag=nl).
146
      These Causes seek an injunction to force IBM to return all copies of all Linux source code that it has
      distributed; since Linux is open source and allows for unlimited and unrestricted copying, it is in practice
      impossible for IBM to comply with this requirement. The effect of this injunction, if granted, would in effect
      allow SCO to obtain an order to go into the premises of any organization using Linux and conduct a source code
      audit; where the code is found, SCO would then be able to extract penalties and charge a fee. The threat of these
      audits made the SCO v. IBM litigation attract significant attention from the open-source community and from
      users of open-source software: for many companies, their use of Linux had been at least in part predicated upon
      freedom from such record-keeping, and the need to keep such records would remove one of Linux’ competitive
      advantages.
147
      There is a second lesson that open-source companies appear to have learned very well, namely the need for pre-
      emptive litigation. In both the USA and Germany, SCO has been targeted with lawsuits from Linux distributors
      (Red Hat and SuSE respectively) seeking declaratory judgments that SCO does not have any exclusive right
      over Linux. Face value: Of monkeys and penguins, THE ECONOMIST, August 30, 2003, at 30.
148
      Whether or not these suits would have had any basis in law. See Eben Moglen, Questioning SCO: A Hard Look
      at Nebulous Claims, July 24, 2003 (www.osdl.org/docs/osdl_eben_moglen_position_paper.pdf).
149
      David Becker, SCO raps Red Hat, sets license prices, CNET, August 5, 2003 (news.com.com/2100-1001_3-
      5060134.html).
150
      Sam Varghese No plans to sue Linux companies, says SCO, THE AGE, August 29, 2003
      (www.theage.com.au/articles/2003/08/29/1062050642514.html). This would probably be a good decision on the
      part of SCO if reports are true that SCO’s own Internet site runs on Linux, as the public relations issue would be
      difficult to explain. See CNET Staff, Microsoft, SCO lean on Linux, CNET, September 2, 2003
      (news.com.com/2009-1088-984352.html?tag=fd_rndm).
151
      And, of course, SCO’s decision not to sue Linux users did not spare IBM.
152
      Stephen Shankland, SCO to send out Linux invoices, CNET (news.com.com/2100-1016_3-5070583.html).
153
      Face value: Of monkeys and penguins, supra note 147.

MONTREA:104568.3 200310061100
0080444
                                                       - 26 -


pay an invoice from a company that has publicly declared it will not sue people without them
remains unanswered.
Nonetheless, even without the threat of litigation against Linux users, the outcome of SCO v.
IBM will have policy impacts upon governments that wish to promote open source. Imagine a
situation where a software producer in Germany takes a copy of OpenOffice (licensed under the
GPL), creates a German-language interface, and distributes it. In Germany, if the GPL does not
apply, the producer can restrict distribution of that customized version of OpenOffice. But
OpenOffice is distributed with the GPL text embedded throughout its code. A customer seeing
that license and thinking that it applies may react variously: it may decide that it too has the right
to redistribute the software without fee (although it does not) or that it has been duped into
paying for something that it could have obtained elsewhere for no charge (and then sue). Another
producer wishing to customize the first interface would be prohibited from doing so without
permission, or it would have to recreate the interface from scratch (as the first producer would
not have been required to distribute its own source code or even the original source code).
Although damages in litigation outside the USA tend to be radically smaller for similar litigation
(and punitive damages basically do not exist), in a country where the GPL does not apply the
potential for software developers to end up in disputes over ownership and distribution rights to
code are magnified, not diminished. A government that wishes to promote its local information
technology sector by promoting development of open source will have to remove the uncertainty
surrounding the GPL, or it will see SCO v. IBM repeated tenfold as companies fight about who
has authorship and therefore ownership over software that one of them had thought was open
source.
The SCO v. IBM litigation does not seem to have affected purchasing and use decisions in the
United States: a survey conducted after the institution of proceedings by SCO found that only
12% of around 400 software developers surveyed felt this litigation would affect customers’
decisions to adopt Linux.154 This makes sense. As long as end users consider themselves immune
to the prospect of their own business being caught up in the web of litigation, they are unlikely to
allow someone else’s lawsuit to affect their business.155 But if licenses such as the GPL are not
binding in areas like the EU, companies and governments outside the United States will find
their exposure to litigation to be more than academic. To create an environment where the status
of open source is known and certain, governments will have to create legislative regimes that
decide these questions once and for all. If not, they leave the decisions up to American courts
and litigants, whose priorities may be (will probably be) different.

4.2 Creating and supporting local developers (by legislation or otherwise)
Governments are not simply consumers of information technology. There is a social policy
impact in everything they do and every decision they make. In the United States, government
often plays an indirect role in shaping the economy (e.g. by favoring or disfavoring certain
businesses or industries with tax credits). Outside the USA, where laws are more favorable and
where government is not viewed with equal suspicion, governments will often provide direct

154
      Matt Hines, Study: Linux use undeterred by SCO suit, CNET, August 4, 2003 (news.com.com/2100-7252_3-
      5059414.html?tag=rn).
155
      It may be, however, that SCO will not stop with only one lawsuit. Recent press reports suggest that SCO may
      be looking for other companies that it can target. See Stephen Shankland, SCO’s next target: SGI?, CNET,
      September 5, 2003 (zdnet.com.com/2102-1104_2-5072061.html?tag=printthis).

MONTREA:104568.3 200310061100
0080444
                                                        - 27 -


subsidies to industries. This gives governments outside the USA the ability to create an industry
where none existed previously: if no one wants to program open source code because it doesn’t
pay, the government can make it pay by paying the programmers itself. And rather than
transferring its wealth to a foreign (often an American) corporation, a government that decides to
pay its own citizens to write code will keep its money in the country and often fulfill other social
goals at the same time. Even putting aside concerns about “spyholes” and other back doors that a
government might fear that a foreign power has caused to be placed in software,156 this social
welfare aspect to starting a domestic software industry has an undeniable attraction for many
governments.157
It would be difficult to challenge the assertion that using open-source software will allow
governments in the developing world to achieve radical cost savings as compared to its procuring
restricted-source alternatives. This paper has previously noted the prevalence of pirated copies of
Microsoft software in Vietnam; one commentator’s query as to how many Americans would buy
legal copies of Windows XP and MS Office if they cost $38,436 (the equivalent to the average
American’s pre-tax income for 15 months) is well put.158 Certainly, a government transferring
such a proportion of its wealth into the hands of a foreign corporation would be ill-situated to
claim subsequently that there might be no money for hospitals or schools. However, and as each
of restricted-source and open-source advocates have noted, the initial cost of software is not the
proper metric; rather, customers (including governments) should consider the total cost of
ownership of open source and compare that to restricted source in order to reach any decisions.159
In that light, the fact that open source allows for the use of older machines that might be unable
to run modern versions of restricted-source software would also be a cost savings of no small
influence upon government, especially government in the developing world.160
Some commentators have noted that restricted-source operating systems produced by Microsoft
produced more revenue in the first two business days of 2002 than the whole Linux market did in
the whole year.161 This is a bit of an apples-and-oranges comparison, insofar as sales of open-
source software do not produce significant revenues as the software itself will often not
command much in the way of price (especially if it is GPL-licensed and therefore must be
distributed at no price). Nonetheless, some governments will have issues with their subjects or
electorates if they are perceived as contributing to such revenues.



156
      About which see section 4.3 of this paper.
157
      See Wheeler, supra note 5, section 2.2, where he discusses the attraction of this home-grown industry sector for
      the People’s Republic of China, Germany, Peru, the United Kingdom, and the Republic of China (Taiwan); see
      also section 10 of that paper, which discusses a Spanish government program that was started as a way to
      “break the stranglehold” that Microsoft Windows presently exercises over the desktop.
158
      RAJANI, supra note 18. The comparison is based upon the following factors: the cost of Windows XP and MS
      Office in Vietnam is between $560 and $800 USD, the 2002 GDP per capita for Vietnam was $440 USD per
      year, and the 2002 GDP per capita for the United States was $30,200.
159
      Id.
160
      Wheeler, supra note 5, section 7.4
161
      CNET Staff, Linux moves on to next battles, CNET, August 4, 2003 (news.com.com/2100-7252_3-
      5059537.html?tag=rn).

MONTREA:104568.3 200310061100
0080444
                                                          - 28 -


4.2.1 Legislating a solution: laws mandating open source
In response to concerns about the degree of wealth transfer described above and in order to force
the issue, some jurisdictions have seen legislative initiatives proposing legislation that would
require certain governments only to procure open-source software.162 It is impossible to deny that
government is a significant actor in the software market even without legislation: simply by
purchasing sufficient product to run a modern bureaucracy, governments are among the largest
consumers of information technology, and therefore the buying patterns of government will have
a significant impact upon the direction in which technology will develop. Proponents of such
bills have typically not focused upon the cost savings that open source would create (although
they also do not hide their opinion that such savings are desirable), but rather upon ideological
bases such as promoting access to information by citizens.163 No such bill has as yet been passed
into law. Nonetheless, restricted-source software producers have banded together against this
perceived threat, taking positions in favor of “neutral public procurement rules” and opposed to
any requirement for open source.164
A preliminary comment about such legislation is that it would tend to suggest not that open-
source software is better than restricted-source but that it is worse. The fact that open source
might be alleged by some people to result in superior software than restricted source should
suggest in a rational economic system that open source would be adopted even without a law. If
open source is technically superior, users should elect to acquire it without any legislative
intervention.165
Restricted-source producers have tended to regard laws mandating open source as a
government’s legislating against property rights in a discriminatory fashion,166 and while this is
certainly one way to look at them, a government that has committed significant public resources
to the incubation of a local open source developer base may have a legitimate interest in ensuring
the development of that base by requiring use of its products in government. Looked at in such a
light, these laws are no different from legislation requiring the use of local contractors or
contractors owned by local minority groups. Laws of these types are prevalent in the United
States, and while such laws may be unconstitutional in the US if wrongly-drafted or if based on
inappropriate criteria, that does not stop American federal and state legislatures from passing
them fairly frequently.




162
      For example, Peru (see section 3.2 of this paper) and Australia (see section 3.4 of this paper).
163
      See e.g. a letter from Peruvian congressman Dr. Edgar David Villanueva Nuñez to Microsoft Peru’s General
      Manager, available at www.opensource.org/docs/peru_and_ms.php.
164
      Business Software Alliance, Principles for Software Innovation
      (global.bsa.org/usa/policyres/Principles_Software_Innovation.pdf). See also Microsoft, Government and Policy
      (www.microsoft.com/resources/sharedsource/Government/default.mspx).
165
      Comino and Manenti, supra note 84 at 3. See also Evans, supra note 32 at 40.
166
      See e.g. a letter from Peruvian congressman Dr. Edgar David Villanueva Nuñez to Microsoft Peru’s General
      Manager ( www.opensource.org/docs/peru_and_ms.php), which addresses various iterations of the argument
      that government should not discriminate against some types of company or in favor of some types of purchasing
      practice.

MONTREA:104568.3 200310061100
0080444
                                                          - 29 -


The confusion that surrounds these laws often reflects another instance of the hidden hand of US
law, this time in the minds of restricted-source software companies.167 The US Constitution is
much more hostile to such priorities as affirmative action programs than the governing laws
outside of the United States,168 and their having developed in an American-influenced
atmosphere often leads restricted-source software companies to presume that a country’s
promoting its own local industry is “unfair” and that a “level playing field” is necessary and
desirable. This perspective is incorporated in treaties such as NAFTA, which forbids member
states from giving any advantage to domestic actors in many spheres unless that same advantage
is extended to the actors from other member states. It is beyond the scope of this paper to provide
a full analysis of all international trade treaties and their potential impact upon open source. For
these purposes, it will suffice to note that any legislation passed to require open source that
would constitute a disguised trade barrier would very likely violate such agreements as GATT
and NAFTA.169 However, where it does not constitute a disguised trade barrier and where it is
not prohibited by local constitutional or other requirements, such legislation would be a rational
and effective way to promote a local development base in the open source sphere.
Arguments that such legislation would not achieve its goal because open-source software is
designed by people all around the world miss their mark. In the American context, these kinds of
laws are only permissible when defensible because they promote local industry doing things that
could not be done economically outside the jurisdiction or for other constitutionally-valid
reasons; this is an artefact of the application of the Commerce Clause. Where there is no
Commerce Clause (namely in just about every other country in the world), state legislation to
promote local developers would not be prohibited, but that legislation also does not have to
prevent non-locals from participating in the project. Such arguments are in fact suggestions to
the governments drafting open-source promotion legislation to ensure that they do not include a
requirement that the software used in government be programmed locally; they do not constitute
fatal flaws to the project.

4.2.2 Resource allocation: if government will develop software, then what kind?
Especially where laws requiring open-source software are enacted, governments will have to be
alive to the questions of resource allocation that will result.170 The sales pitch for open source is
167
      It is also informed by a related concept, which is free market economics and more specifically the idea that the
      government should not be in the business of picking winners. See e.g. Evans, supra note 32 at 46, where this
      underlying idea is fleshed out.
168
      To use an example from a neighbor, the Canadian Charter of Rights and Freedoms (similar to the Bill of Rights
      in the US, and of equal constitutional importance) states at s. 15(2) that activities that would otherwise be
      qualified as discriminatory are not precluded if their purpose is to improve the lot in life of the targeted group.
169
      This would probably include any requirement that research funded by the government could only be made
      available to open-source projects. See Ariana Eunjung Cha, Europe’s Microsoft Alternative, WASHINGTON
      POST, November 3, 2002 (www.washingtonpost.com/ac2/wp-dyn/A59197-2002Nov2?language=printer), where
      Microsoft’s position in this regard is set forth.
170
      One question of resource allocation that is tangential to the scope of this paper but must be noted is related to
      the spending behavior of individuals in a bureaucracy, and the perceived need to spend the whole amount
      budgeted for any given item lest the budget be cut in the next year. Sales forces for products as diverse as office
      supplies and furniture, to say nothing of those in the IT field, have significant experience with this phenomenon.
      It is not impossible that a bureaucrat with control over a $5 million budget would stay with a more expensive
      solution not because it is better but because of a perceived loss of status if the unspent amounts in the budget are
      cut in future years.
MONTREA:104568.3 200310061100
0080444
                                                          - 30 -


that, as opposed to restricted source, open source allows the customer to verify that the software
does what it claims to do without holes, bugs, or unintended consequences.171 The corollary to
that pitch is that there must be enough people with the necessary skill and desire actually to
verify the software.172 It would be surprising if there was a large developer base with the skill set
required to test and debug health records software in the Estonian or Basque languages and that
was willing to do this in an open-source environment rather than charging what would possibly
be a healthy premium for this scarce resource.173
A government that acquires restricted-source software would be able to avoid this problem of
scarcity of developers. It would acquire a pre-existing program with a known cost, or the
software provider would contract to convert the interface to the necessary language as part of the
deliverables. As David Wheeler noted in a discussion of open source in government on Slashdot,
it can be difficult to find programmers for a particular project in such a way as to ensure that the
project works,174 and at least with restricted-source companies the government can insist on the
project’s being revised until it is done right. A government that is required to acquire only open-
source software would not have these options, and would have to find another means to achieve
this goal. It would have to ensure the development of a local programming base, in order to
ensure that it will have access to sufficient service providers when needs arise, or it would have
to become a significant employer of programmers itself.
Promoting the local language is a priority for many governments175 and in any even most
governments would rather that their citizens be able to work in their own language. So it could
be that creating such a base of programmers with expertise in porting software to the local
language would further that legislative goal as well. Nonetheless, governments that choose to
promote local programming communities will still have to ensure that there is sufficient
economic or other incentive to encourage programmers to develop the needed skills.176


171
      This same pitch could also be made for provided-source software, where customers are given the source code
      and can analyze it to their hearts’ content.
172
      Moreover, it only makes sense in the context of mass-market software. Where software is developed for a
      particular customer, there will likely be user testing incorporated into the development contract that would
      provide for this kind of verification.
173
      Open-source advocates note this as a problem with the open-source model, but also note that there is a
      likelihood that a person might just take over a specific project in open source and run with it. See Wheeler,
      supra note 5, section 9.12. While this might be true for such things as spell checks for an open source word
      processor, it would seem less likely for a driver’s license registry or other government-specific application.
174
      David Wheeler, Governments already support FLOSS development (ask.slashdot.com) Posting #6650644.
175
      For example, the governments of Quebec and Latvia have enacted legislation requiring the exclusive use of
      French and Latvian respectively in government and all of its workings.
176
      At the same time, such governments will have to be alive to the possibility of code “forking”. “Forking” occurs
      when certain programmers create code that adds functionality or redirects the evolution of the software, but that
      code is not universally adopted. Open-source software is susceptible to forking because there is no central
      “standards and practices” or similar office that can prevent programmers from taking software in multiple
      directions; it is difficult to conceive of a group of rogue programmers inside Adobe from creating an
      unauthorized version of Photoshop or Acrobat. While it is beyond the scope of this paper to examine forking in
      depth, it may be that programmers working in an isolated linguistic environment would be more susceptible to
      creating code forks.

MONTREA:104568.3 200310061100
0080444
                                                         - 31 -


Some governments have taken some initial steps toward porting open source software into the
local language, a necessary first step for a software industry. For example, the Cambodian
government has reached an agreement with UNICODE to develop Khmer based programming
language and characters as a GNU/Linux implementation,177 and similar language localization
projects have been undertaken in Vietnam.178 But these are only initial steps. Governments that
wish to promote open source, and especially those that wish to do so through legislation, will
need to consider the allocation of government resources and funding of the software industry that
such a policy would require, and whether they consider this to be an appropriate use of public
funds.179

4.2.3 GPL vs. BSD: How open should government be?
A government that chooses not to spend its money on supporting and promoting a local
developer base will have to consider whether open source allows for the creation of viable
private-sector business models, or else it risks being left without an IT solution in the event of
systems crashes. Microsoft has publicly stated that it considers open source business model to be
fatally flawed, because open source requires “software developers to give away for free the very
thing that they create that is of greatest value in the hope that somehow they’ll make money
selling something else.”180 Many members of the open-source movement would agree that doing
business in the open source space requires that companies “take a second look at the business
model and prices, rather [than] technologies.”181 While a discussion of business models is beyond
the scope of this paper, and although it would seem at first glance that there must be a business
model that allows people to make money selling something that is also available without cost, or
the existence of libraries would have been fatal to the publishing industry long ago,182 there is a
strong argument that subsidizing the adoption and development of open source is welfare-
reducing for the society that does the subsidizing.183 Certainly one government, that of Sweden,



177
      NORONHA, supra note 88.
178
      Asia Open Source Centre, Vietnam (www.asiaosc.org/enwiki/page/Vietnam.html).
179
      One example of an open-source implementation that looked good on paper but went wrong in reality is
      Mexico’s “Red Escolar Libre”, or “Free School Network”, project. This project, implemented in 2000, looked
      to provide 1 server and 6 computers in a lab for each of the 120,000 schools in Mexico; to save money on
      Microsoft licenses, the project was intended to use Linux and open-source software. However, there was no
      budgetary allocation in the project either for support or for training; the computers and the software were simply
      shipped to the schools for local installation by untrained personnel. The project is widely-perceived both by
      open source proponents and detractors as a colossal failure. See BROD, supra note 65 and Nuñez, supra note
      163.
180
      Mundie, supra note 37. See also Microsoft, The Commercial Software Model and Sustainable Innovation
      (www.microsoft.com/resources/sharedsource/Initiative/speeches/mundie_model.mspx): “[T]he GPL is
      optimized to build a strong software community at the expense of a strong commercial software business
      model. That’s why Linus Torvalds said... that ‘Linux is never really going to be a rich sell.’”.
181
      RAJANI, supra note 18.
182
      Kaser, supra note 14.
183
      Comino and Manenti, supra note 84 at 16.

MONTREA:104568.3 200310061100
0080444
                                                        - 32 -


has considered this issue and noted the success of the Linux ventures of HP and IBM in 2002 as
promising good things for private open-source software companies.184
One of the most divisive questions in the open-source community is whether software
development should take place under the BSD or the GPL.185 There are strong arguments in favor
of both. Surprisingly for a topic that has consumed much time and thought, there does not seem
to have been much thought about which of the BSD or the GPL would be more appropriate for
government-sponsored code.186 As noted in this paper,187 the GPL places significant restrictions
on downstream users of GPL-licensed code that other open source licenses such as the BSD do
not. In particular, the BSD does not require that code using the BSD be licensed under the BSD
as well; the BSD-licensed code is there for the taking, and the taker has no obligation in return. A
BSD-licensed program must be distributed with its source, but the distributor can exact a
substantial profit for the software. In contrast, the GPL requires that downstream users be given
full and unrestricted access to and use of programs and source code at no cost.
The decision by a government to sponsor development of software requires that government also
to choose under what license the software should be developed, and that choice is itself highly
politicized. A government that chooses to sponsor the use of BSD-style licenses has chosen to
allow private software companies to take government funding and profit from it. This will
promote the development of a software industry but may lead to a situation where the
government may seem to have tried to “pick winners.” In contrast, a government that sponsors
use of the GPL has chosen to promote the spread of knowledge and technology at the possible
cost of discouraging for-profit businesses.188 It is also an asymmetrical choice: a government that
chooses the BSD can always change to the GPL, but a government that has chosen the GPL will
have great difficulty ever choosing anything else. As for a government that does not choose
which license it will promote, that is also a choice. Leaving the choice of license to the recipients
of government funding will allow some recipients to promote values of sharing knowledge and
others to promote the accumulation of profit, and will take this policy decision out of the hands
of government.
Moreover, there is no a priori reason that a government could not develop its own open-source
license for products and projects that it funds. For example, a government could set terms that
require unrestricted distribution of code to other nationals of the country while permitting
restrictions on distribution outside the country. While such a regime might be impermissible or
inapplicable inside certain trade or other alliances,189 it is not impossible to effect in the world,

184
      STATSKONTORET, FREE AND OPEN SOURCE SOFTWARE (2003) 20.
185
      Evans, supra note 32 at 39.
186
      In the United States and at least for works produced directly by the government, the question is moot, as works
      produced by the US government are not eligible for copyright protection. 17 USC 105.
187
      See section 2.3 of this paper.
188
      Evans, supra note 32 at 47.
189
      For example, this might violate Chapter 11 of NAFTA, which prohibits discrimination against non-citizens (at
      least where such discrimination impinges on citizens of the other states party). That is, the government of
      Canada cannot extend special treatment to Canadians in an industry unless that industry is exempted from
      NAFTA (such as softwood lumber) or unless that same special treatment is extended to Americans and
      Mexicans.

MONTREA:104568.3 200310061100
0080444
                                                          - 33 -


and it might allow countries with a sufficient population base to support such local development
and to gain a competitive advantage in software development.

4.3 “Spyholes” and preventing outside access to government information
For some reason, some governments and entities have developed the idea that the US
government may have forced American restricted-source software companies to provide
spyholes into the software to allow the US government to access secret information belonging to
foreign powers. This concern has been described as one of the primary motivations for Chinese
support of Red Hat Linux - if the operating system is open source then the government can check
the code itself and verify that no spyholes exist.190 This has been cast in the media as a Microsoft-
vs.-Linux debate,191 and while addressing it in that context shows room for a substantive debate it
leaves a part of the story untold.
The term “spyhole” is used to refer to a hidden porthole left in something like software that
would allow the programmer or a third party to have secret access to the software and/or to
manipulate the data stored in the system without knowledge of the customer or primary user.
While spyholes have been known to exist in the commercial context for purely commercial
reasons,192 one of the better-known discussions of spyholes (and one that is more apposite for the
present discussion) has arisen in the context of encryption.193 When encryption technology first
fell into widespread use, the US government, which had previously been able to engage in
widespread monitoring of communication and whose largest problem would be sifting through
the information, was confronted with an entire class of communication that it could not feasibly
monitor. The first reaction of the government to this technology was to promote the use of the
Clipper chip, a chip that would allow encryption by users but leave a back door for the US
government to enter (presumably after having first received a court order, although that may not
have been a hard and fast requirement). After an aborted attempt to require use of the Clipper
chip by regulation, the government then tried to encourage adoption of the Clipper chip by
subsidizing its development to make it the cheapest encryption technology; this also failed in part
because manufacturers were loathe to adopt an encryption technology sponsored by the US
government, and the government then returned to a regulatory approach whereby encryption
code would be regulated directly and a back door would be required.
Lessig raises this in the context of the government’s regulating code directly to effect an indirect
regulation of behavior,194 but his mention that the Clipper chip’s unpopularity derived in part
from hostility toward adopting a system promoted by the US government shows that non-US

190
      CNETAsia Staff Writers and Zhang Xiaonan, China blocks foreign software, CNET, August 18, 2003
      (news.com.com/2100-1012_3-5064978.html).
191
      Craig Smith, Fearing Control by Microsoft, China Backs the Linux System, NEW YORK TIMES, July 8, 2000
      (www.nytimes.com/library/tech/00/07/biztech/articles/08soft.html).
192
      See the discussion of Borland’s back door into InterBase to allow control of databases by administrators as
      recounted in Wheeler, supra note 5, section 6.12.
193
      This version of the story is adapted from Lessig, supra note 23 at 48-49.
194
      He also raises the interesting if almost purely American question of whether the right to freedom of speech is
      limited to speech that is capable of being understood by listeners (i.e. unencrypted speech); a discussion of this
      topic is beyond the scope of this paper, but it does seem to presuppose a culture where everyone speaks the
      same language when speaking without encryption.

MONTREA:104568.3 200310061100
0080444
                                                         - 34 -


companies have always had a reluctance to promote options that would prefer the US
government to others. Such non-US entities now seem to fear that the US government might be
forcing spyholes onto the world. But how? A government that wanted to ensure the efficacy of a
spyhole would attack the one thing without which all software cannot work: the operating
system. And a government that wanted to put a spyhole into an operating system would have to
do so in an environment where the spyhole would not be easily found: with restricted-source
software. Serendipitously, the largest restricted-source operating system producer, Microsoft, is
based in the United States. Is it possible, some have asked, that Windows contains a spyhole for
the US government?195
At the outset, it should be noted that the answer would have to be negative. It surpasses belief
that such a spyhole would have actually been put into any version of Microsoft Windows. If it
were required by law or regulation, those laws and regulations would be public and would have
been immediately disseminated across the Internet; in an environment where there are hundreds
of sites “proving” the US government’s suppression of UFOs in New Mexico, the absence of
Internet sites discussing such regulation is almost proof positive that it does not exist. Anyone
who would suggest that such an order or agreement may have been procured by less formal
means must then address why Microsoft was subjected to antitrust proceedings, if Microsoft
were so allied with the US government and so willing to accede to its demands. One would think
that Microsoft would have extracted a quid pro quo: we will put a spyhole into Windows, and
you will drop the prosecution. The presence of the prosecution therefore argues strongly in favor
of the absence of a spyhole. But the absence of evidence is never the evidence of absence, and
where a spyhole in Microsoft Windows cannot be proven not to exist, there will always be some
people and governments that will suspect its existence.196 That is, the question properly phrased
is not “is there a spyhole?” but rather “is it impossible that there could be a spyhole?”
It is unclear whether Microsoft’s Shared Source initiative could completely address this concern
held by countries such as China. Certainly, the Government Security Program allows the
governments of certain countries to access the source code for Windows to the extent that they
can verify its security.197 However, it is one thing to be able to test the security of an operating
system and another thing entirely to be able to verify code line-by-line. Moreover, the
Government Security Program is subject to such requirements as US export controls; a
government that is already concerned about the US government’s requiring spyholes to peer into
its systems may not be on the US government’s whitelist, or may be less than assuaged by
having been whitelisted.
The Chinese attitude in this regard is particularly instructive in light of the fact that China has
been approved for the Government Security Program.198 Any speculation as to why China would
seek access to Windows source code only to throw its support behind Linux would be exactly


195
      Or for others. See the discussion of unsubstantiated claims that al-Qaeda was able to infiltrate Microsoft and
      plant Trojan horses and back doors into Windows XP in Wheeler, supra note 5, section 6.12.
196
      In a similar vein, search “Roswell”, “government”, and “UFO” on any Internet search engine for proof positive
      that the absence of evidence of UFOs and government suppression thereof has not stopped a thriving industry in
      conspiracy theories.
197
      See Microsoft, supra note 58.
198
      Inquirer, supra note 58.

MONTREA:104568.3 200310061100
0080444
                                                          - 35 -


that: speculation.199 But one thing is certain: while the Government Security Program and other
provided source initiatives may be targeted to address certain concerns, there are other concerns
that cannot and may never be addressed by limited access to source code.200
Moreover, while there is probably no spyhole today, that does not in any way make a spyhole
impossible in the future. The more that code writing is concentrated in the hands of a few entities
susceptible to government regulation, and especially the same government or several of like
mind, the less likely those entities are to fight the regulation: their analysis will be one of cost
and benefit (are the sales they would expect to lose by accepting this regulation going to be
outweighed by the benefits gained) and not of ideology.201 Encryption technology is again
instructive. Individuals with sufficient interest will always be able to find encryption technology
for their personal use, but large corporations that program (and buy) software will tend to
discourage such individual action and will trend toward the solution that causes the least ripples.
Just as some governments have proposed legislation requiring the purchase of open source,202
other governments might legislate that they will only buy software with a spyhole. If the US
federal and state governments all adopted such legislation, the incentive for operating system
programmers to include such spyholes might become impossible to resist; if a restricted-source
software company were to refuse to comply with such legislation, this step might be sufficient on
its own to create a second viable restricted-source operating system company. Such a new
company may well be able to create sufficient economies of scale that it could then get its
products onto the average home user’s desktop, and if the price is right, onto the desktops of
governments that cannot afford restricted-source products.
So while spyholes may not exist today, there is nothing to prevent their existing in the future.
Given that reality, the rational response on the part of governments that do not want to use
software with such spyholes203 would be to ensure verifiability of the source code for any
operating system that they might use. It would be meaningless to put a spyhole into open-source
software: a programmer could just remove those lines of code that provide the spyhole and


199
      Certainly, open source proponents might read this decision as an implicit vote against Microsoft’s software.
      However, it is no less plausible to think that China might have wanted to see the Windows source code in order
      to appropriate certain aspects of it for use in a Linux environment; it could even be the case that the Chinese
      application to the Government Security Program was the result nothing more than a good-faith desire to assess
      Microsoft software which was then overridden for political (job-creation) reasons.
200
      Of course, there are people and institutions other than governments that can have more extensive access to
      Windows source code under Shared Source; while they are required to sign non-disclosure agreements with
      Microsoft, any programmer outside of the United States who discovered the existence of a spyhole could be
      reasonably certain that their disclosure of that spyhole would go without sanction. The courts of a country
      outside the United States would be receptive to the argument that a programmer finding such a spyhole would
      be justified in disclosing its existence for reasons of national security. Not quite the Pentagon Papers, but
      probably not that far off, either.
201
      LESSIG, supra note 23 at 52-53.
202
      See section 4.1 of this paper.
203
      Of course, there may be countries that would use software with a spyhole even knowing of the spyhole, on the
      basis that they might feel that they have nothing interesting to hide. Possible, but not likely. The recent upsurge
      in privacy legislation both inside and outside the USA suggests rather that people want to keep their secrets
      even if they have nothing to hide. For more on privacy law inside and outside the USA, see AMERICAN BAR
      ASSOCIATION, CORPORATE PRIVACY HANDBOOK (2003).

MONTREA:104568.3 200310061100
0080444
                                                         - 36 -


redistribute the program.204 For those governments that insist on full verifiability, no private-
sector solution could be acceptable, and open source will be the only route to an acceptable
solution.

4.4 Openness and its alternatives: consequences of open source for society
The preceding section and its discussion of the (unfounded) concern that the US government
may force American companies to leave spyholes for it to access foreign confidential
information is in fact a subset of a larger concern: some governments do not even give access to
information to their own citizens. While no government is 100% open and transparent, there are
degrees of restrictiveness, and many governments that seem to be looking toward open source
are not open in any other aspect of their governance. The interaction between such governments
and the open-source community would probably not be harmonious.
Quite simply, open source promotes ideas of freedom and liberty that are at odds with the
principles and legislative regimes of some governments. While open-source proponents have
never hidden their political ideology, a government that looks at open-source software as nothing
more than a way to get information technology on the cheap will soon discover that, by using
this software in a manner consistent with the spirit in which it was developed, that government
has committed itself to an ideology that it may not wish to promote. And if that government
violates the spirit of open source, the programming community may lose its desire to create
open-source software, thereby killing the movement.
The community of open-source programmers is radically libertarian. Many open-source
programmers really think that there is no reason why a government or other large institution
should prefer a program created by a giant corporation to one created by a group of people sitting
in their basements who have never met each other and have no formal organization. There are
even people who think the unorganized people in their basements should be preferred to the large
corporation. And they may not be wrong. But the focus of open source on freedom and
empowerment, and access to all information about a system by any user, may run headlong into
the focus of many governments on power and control, and restricting information to elite groups.
Although it does not use this insight to note the same dichotomy, the position of the open source
community with respect to its ideology is most succinctly-stated by Microsoft: “Free Software
advocates believe software is akin to speech and should be free in the sense of ‘liberty.’”205 This
is similar to the open source mantra that the word “free” should be interpreted in the sense of
“free education” and not “free beer”.206 The history of open source is full of stories about harsh
reactions on the part of the community against those who would control access to information.207


204
      LESSIG, supra note 23 at 106-07.
205
      See Microsoft, Open Source Software
      (www.microsoft.com/resources/sharedsource/Government/opensource.mspx). Prominent open source
      developers would likely agree. See e.g. the description of the GPL as a “strong free license, much like the First
      Amendment is a strong law protecting free speech in the United States.” OSI, supra note 53.
206
      RAJANI, supra note 18.
207
      One story in particular illustrates this focus on openness. In early versions of UNIX, the FINGER command
      allowed users to see the last time another user had been logged into the system and whether that person had read
      their mail. When a programmer changed the command to remove this functionality to protect the privacy of the
      users (who may not have wished for others to know this kind of information about them), he was attacked by
MONTREA:104568.3 200310061100
0080444
                                                        - 37 -


The message could not be more clear: “the very existence of [the open source] community
requires freedom and openness”, and without that freedom and openness there would be no open
source software.208
Proponents of open source seem not to have considered the inverse possibility in any meaningful
way. While it seems that every advocacy article about open source contains arguments either
against the idea that open source is less secure than restricted source209 or (more frequently)
promoting the idea that open source is in fact more secure than restricted source,210 these
arguments have been directed to showing that open source does not and could not contain any
spyholes or bugs. But this argument presumes that a government would want to have other
people know how its software works and what kind of information it is storing. Perhaps (and
perhaps only perhaps) that statement would be true for the US government, or the governments
of open and democratic countries such as Germany or Canada.211 It is probably less true for
governments of more authoritarian states such as the People’s Republic of China, Singapore, or
Saudi Arabia. As noted above,212 proponents of open-source-mandatory legislation have not
typically defended these laws by reference to cost savings but rather by reference to the values of
openness and citizen empowerment that open source is thought to promote. If a government
wants to control its citizens and their access to information, then adopting software whose inner
workings can be derived and understood by any person with sufficient technical skill is not the
way to achieve this goal. Today, there is little information technology of any kind in many
countries whose offline regulation is highly authoritarian.213 But an authoritarian government
given access to information technology will probably not wish to allow this space to remain
unregulated; if even the US government with the strong American protections on free speech has
felt the need to regulate the Internet,214 an authoritarian state will find the opportunity irresistible.
Moreover, the primary principle of open source is that it is stronger and more stable than
restricted source because of the ability of thousands of people to test the software by probing it
for defects, bugs, and unintended effects. In the open-source community, this is looked upon as
something similar to a right: if a system exists, it should be tested, and those people who do the
testing should be perceived as public servants and not as pariahs.215 There are many governments

      others in the community for removing openness from the system. Openness was understood as a value that
      trumped a user’s privacy interest. See LESSIG, supra note 23 at 77.
208
      RAJANI, supra note 18.
209
      See e.g. Wheeler, supra note 5.
210
      See e.g. RAJANI, supra note 18.
211
      Although and as noted in section 2.1 of this paper, governments today often insist upon both software escrow
      agreements and exclusivity provisions when purchasing custom-developed software, which would suggest that
      rather than promoting openness governments even in the US and Canada (to give only two examples) would
      prefer control.
212
      See section 4.1 of this paper.
213
      See e.g. the discussion of Vietnam in LESSIG, supra note 23 at 188-90.
214
      Those who disagree are directed to such legislation as the Children’s Online Privacy Protection Act, 15 USC
      6501-05, and the Digital Millennium Copyright Act, Public Law 105-304.
215
      See e.g. RAJANI, supra note 18: “hackers understand themselves as ‘warriors, explorers, guerrillas, and joyous
      adventurers of the Digital Age’.”
MONTREA:104568.3 200310061100
0080444
                                                         - 38 -


that deny their citizens such “rights” and would harshly punish any citizen caught doing so; it is
questionable how such governments would feel when told that citizens of another country think
they have such a right to “attack” (as they see it) their computers and systems. Many private
individuals look upon probing the weaknesses of a computer network as harmless amusement or
a public service: “[t]o use Linux without criticizing it is to betray it.”216 Many of those
individuals write and debug open-source software. It is not wholly speculative to say that, if
these individuals start seeing their friends and colleagues arrested and their products re-
engineered to prevent such access, they might stop their productive programming efforts and turn
their attentions to attacking the restrictions upon their access. As one commentator has noted, “if
you are choosing products, do you really want to choose the product [against which] people may
have a vendetta?”217 And they wrote the software, so they know where the access points are and
how the restrictions will probably work.
Quite simply, openness of code is inversely related to a government’s ability to control access to
information.218 Even if the actual information in that database is not accessible, a skilled
programmer can look at the underlying architecture of a database system and know what kind of
information is being stored. By looking at the code libraries to which that database makes calls,
the programmer knows how the system works. It is a very short step from this knowledge to
creating a system that allows remote access to that information, or creates a system dump from
inside that causes the entire day’s new records to be downloaded to another computer in the
system. In a restricted-source environment, this is of course also possible, but when code is open
there are far fewer barriers. And open source programmers are people who are curious and like
to tinker with systems, and who believe that they have the right to do so.
So a government that wishes to restrict citizen access to systems must not only engage
programmers to produce its software, but also invest such resources that these programmers are
able to close off open-source software so well that the people who wrote the open-source
software cannot get around the barriers. Failure to do so would be costly, both in money219 and in
control. It also has to trust those programmers not to do the thing that they are supposed to

216
      Clay Shirky, Short Takes on Linux (www.shirky.com/writings/short_takes.html).
217
      Wheeler, supra note 5 section 6.10. To those who would suggest that such a change in focus or priorities would
      be unlikely, it is instructive to consider the vast number of programmers who seem to have adopted as their
      life’s mission finding all of the bugs and unintended effects of the various components of Microsoft Windows.
      It is not long between media reports of various worms, Trojan horses, and viruses unleashed upon Windows,
      and the recent (at the time of this paper) MSBlaster.exe virus, which contained a message addressed to
      Microsoft’s Chairman Bill Gates (“billy gates why do you make this possible? Stop making money and fix your
      software!”) is instructive. The actions of a lone renegade teenager cannot and should not be imputed to the
      open-source community (indeed, there is no evidence or suggestion that the teenager in question ever wrote a
      line of open-source code), and recent surveys suggest that the average open-source programmer is 28 years old
      with 11 years of programming experience, hardly a teenager. See Wheeler, supra note 5 section 11.13. But it is
      not uninteresting that the message found inside the MSBlaster.exe worm reflects certain beliefs that the open-
      source community would likely share, such as the right of a system user to probe it for unintended effects or
      bugs and an obligation on the part of the system programmer to close off that bug (rather than an obligation on
      the part of the person who discovered the bug to keep that knowledge to themselves or to inform the restricted-
      source software company quietly).
218
      LESSIG, supra note 23 at 100.
219
      The cost of just one virus, the LoveLetter virus in the winter of 2003, is estimated at $960 million USD in direct
      costs and $7.7 billion USD in lost productivity. Wheeler, supra note 5 section 6.10

MONTREA:104568.3 200310061100
0080444
                                                         - 39 -


prevent others from doing. Not only does such an approach completely negate the primary
perceived benefit of open source (the worldwide community of debuggers and programmers
improving the system), to say nothing about the likelihood of code forking, but it is economically
irrational: there are restricted-source software companies that can do this better and cheaper or at
least no more expensively.220 And a restricted-source company within the jurisdiction and
therefore subject to regulation can be controlled by a government in a way that a worldwide
community of loosely-associated programmers simply cannot.221
There is no meaningful sanction that can be enforced against a government that treats open
source in this way. The GPL purports to bind those entities that use GPL-licensed software by
forcing them to redistribute their source code as well. This may work in a society based upon the
rule of law and respect for contract rights.222 But governments are not ordinary economic actors.
Notwithstanding the modern American interpretation of the state immunity doctrine which holds
inter alia that governments can be sued in US courts when their actions are equivalent to those of
an ordinary market actor,223 and while some governments outside the USA will permit suits
against them,224 not every government shares this view and many countries prohibit lawsuits
against the government. Moreover, if a government does not respect the terms of an open-source
license (e.g. it attempts to restrict distribution of software developed from a GPL-licensed
product), there may be no adequate remedy. Many governments are immune to injunctions in
their local courts and may refuse to respect foreign injunctions. It is difficult to envisage the US
government attempting to convince the government of China to respect an injunction from
Massachusetts ordering that the source code for its nuclear weapons launch system or for the
computers controlling the flow rates through the Three Gorges Dam must be released because
they were developed from a GPL-licensed kernel, to say nothing of how hard it is to envisage the
Chinese government’s ever accepting and respecting such appeals.
And why should the launch codes or the network architecture for nuclear weapons systems or
power plants be publicly accessible? The OSI takes the position that where a stable long-term
competitive advantage in a narrow field can be obtained by keeping data secret, the company or
person developing that data would have a good reason to keep that data secret,225 but the OSI is
far more balanced in its approach than many other open source proponents, and its one-

220
      Applying the same logic as that used by open-source advocates to contend that open-source software will have
      its bugs fixed faster than restricted-source, it would be logical that a restricted-source software company would
      be faster to notice bugs or unintended effects than a government working on proprietary software running on
      Linux, because the company would have more people reporting more errors than one government and the
      company would have more people it could throw at the problem. Again, unless a government adopting open
      source keeps the open-source community on its side, it loses one principal advantage of open source: access to
      the community’s knowledge base.
221
      See LESSIG, supra note 23 106-07.
222
      Or it may not: see section 4.1 of this paper.
223
      The interpretation of the Eleventh Amendment is beyond the scope of this paper. See e.g. Seminole Tribe of
      Fla. v. Florida, 517 US 44 (1996); Pennsylvania v. Union Gas Co., 491 US 1 (1989).
224
      See e.g. European Convention on State Immunity, art. 28, para. 2, which not only allows for suits by citizens
      against their government but also allows the citizens of one state party to sue the government of another state
      party.
225
      Open Source Institute, Software Secrets: Do They Help or Hurt? (www.opensource.org/advocacy/secrets.php).

MONTREA:104568.3 200310061100
0080444
                                                      - 40 -


paragraph overture into the discussion of open source in government simply states that such
adoption by government would be a good thing.226 When looked at more closely, there is no
reason to believe that the adoption of open source by government would lead to an increase of
open-source software for ordinary individuals. In fact, there is no reason to believe that a
government’s use of open-source software would produce any benefit whatsoever for the public.
For there to be such a public benefit, the government would have to allow its software to be
released to the public. And for many governments, there is no reason to believe that will ever
happen.
Assuming that the desire of the open-source community that governments use open source is
rational, the community must have concluded that such use of open source in government would
either lead to the development of more open source software, or the adoption of more open-
source values in government. If the hope is the former, then past conduct (which is usually a
good way to predict future conduct) by governments would suggest that software developed for
government will stay in government. If the latter, then that hope is likely to be frustrated.
As noted above, the government of Vietnam has taken steps to localize various open-source
software for use in Vietnamese and has been the site of a conference dedicated to the use of open
source.227 This is the same country that recently convicted two of its citizens on charges of
espionage for such capital offences as translating an article on the principles of democracy into
Vietnamese and posting the translation on the Internet.228 Vietnam’s Ministry of Culture also
announced in October 2002 that its prior approbation would be required to post any material
whatsoever on a Vietnamese website.229 It would seem unlikely that such a country will adopt
open values along with open source.

5. Conclusion
In his 1976 “Open Letter to Hobbyists”, Bill Gates asked rhetorically, “Who can afford to do
professional work for nothing? What hobbyist can put three man-years into programming,
finding all bugs, documenting his product, and distribute it for free?”230 The answer to this
question is now clear: open-source programmers can, and do, and plan to continue into the
foreseeable future, even if there is no business model that can make this commercially workable.
And if governments adopt open source, these “hobbyists” will have a market larger than they
could possibly have imagined. But just about every management textbook notes that, in Chinese,
the character for “danger” and “opportunity” is the same. Open source is on the cusp of this
dilemma today, and it is the imminent adoption of open source by government that has placed it
there.
Many governments today are using open source, and many more are considering it. But none of
them has undertaken any systematic analysis of their legal system in the context of open source
adoption. A government that chooses to adopt open source and to promote its use by its citizens

226
      Open Source Institute, Products (www.opensource.org/docs/products.php).
227
      See sections 3 and 4.2.2 of this paper.
228
      Caught in the net, THE ECONOMIST, August 30, 2003, at 30.
229
      Id.
230
      Wheeler, supra note 5 section 5.2.

MONTREA:104568.3 200310061100
0080444
                                                         - 41 -


must take certain legislative steps to ensure that open source will not be stifled by intellectual
property rights issues. It must consider whether it will pass a law mandating open source use in
government and the consequences of such a law, and whether it will dedicate scarce financial
and other resources to developing and maintaining a community of programmers (or whether it
will outsource this labor to the open-source community at large). It must ensure that open source
as created elsewhere is applicable to its domestic legislative environment and make the necessary
amendments to the relevant legislation in order to arrange for this. It must decide whether it can
be satisfied with something other than open source, in exchange for having access to the
expertise of restricted-source programs and programmers, and this decision is made in the light
of its relationships with other countries and the need for certain public perceptions at home (is it
more important to be seen as promoting a local information technology industry, or could that
money be better-spent on sanitation and public health, or fighter jets and tanks). And, last but not
least, governments that wish to consider open source must consider whether they wish to adopt
the libertarian values that underpin the open-source movement, and must consider the
ramifications if they accept the software but do not accept the values.
At this point, the open-source community also has some decisions to make. Open-source
programmers must individually consider how they will react to knowledge that a particular
government or governments that they find abhorrent have decided to use open-source software
without opening their societies. They will have to decide whether, in the absence of adoption of
open values by government, they will accept becoming a source of cheap labor for governments
using open-source software. While on one level nothing would change, as open-source software
today is produced as a result of the free labor of programmers around the world, it may be that
the open-source community might change its attitudes and approach with the knowledge that
while the users of open-source products may like the products, they don’t like the ideology that
goes along with it. Some open-source advocates are alive to this dilemma,231 but none of them
has squarely addressed it. If open-source software is adopted by governments that do not accept
open values, the open-source community will be required to make a decision: will it work for
people who refuse to listen to what it has to say? In short, will the community shut up and write
code, or does it fight back? The answer to this question is, appropriately, still open.




231
      See e.g. RAJANI, supra note 18. “I myself have suffered at the hands of a dictatorship in Pakistan, one of my
      best friends was tortured to death by the ISI (Inter Services Intelligence) of Pakistan in 1980, and numerous
      others were tortured and spent tens of years in prison. Now as much as I would like [open source], I find it hard
      to live with the idea that the ISI may be running Linux on their servers, and thus actually saving money to
      perhaps buy more surveillance and torture equipment.”

MONTREA:104568.3 200310061100
0080444

				
DOCUMENT INFO
Categories:
Tags:
Stats:
views:41
posted:5/16/2012
language:
pages:41