Data Portability, not Open Source?

Is it time for the GPL to die?

During the early days of the open source movement, when the idea of free and open software was newer—when most software was proprietary, and access to software itself was a scare resource—the GPL license turned out to be an important lever on the world.

It was important that Linux used the GPL, because Linux, and everything that came along with it, was the vehicle we used to get the idea of open source into those larger companies who were resistant to it. Linux it turned out, was too useful to ignore.

But time passed, and something interesting happened, open source won. The license wars are over now, and anyone that tells you otherwise isn’t comfortable with even small compromises. It’s done. Those particular battles are over and don’t have to be fought again, because the place where we are today isn’t the same place we were in thirty years ago.

The dangers we face today aren’t the same.

I’d argue that the GPL is now far less important today than it was thirty years ago, when we were fighting the first rounds in the war against proprietary software and vendor lock in. Thirty years is a long time, and in that time the Internet has changed pretty much everything. Access to software is no longer difficult, access to source code is common. Common enough, at least, if you’re happy with small compromises.

Anecdotally, I think that most younger developers are now opting for MIT or BSD licenses over the GPL, and although it isn’t entirely clear why that’s the case, it I’d argue that it’s down to pragmatism. The realisation that open source isn’t the most important thing in the world, and that it’s okay to pay for software, at least some of the time.

A somewhat unscientific poll run on Twitter, with a lot of complaints about the absence of the Apache License.

Permissive, rather than copyleft, licences now seem to dominate. I’d even argue that the ideas embodied in the GPL are hurting free and open software, that to make further progress we need to move away from the ideas embodied by the GPL. Which of course brings the question of what we want, of what we’re making progress towards, right to the fore.

Because I don’t think we want what we used to want. After thirty years of software being the most important thing, and software freedom mattering the most. After thirty years of that and that alone being our tool to change the world, developers have decided that enough is enough, and other things matter more. I’ve now seen more than one modification to the MIT licence to make “ethical demands.” Although this idea, that software should be ethical, is causing some upset in the community.

A modified MIT license that adds a clause paraphrased from Isaac Asimov’s “Three Laws of Robotics”.

That, despite the fact that the idea of an ethical license for software isn’t new, the GPL is just that after all. The new thing is that the ethics in the license is “thy shalt not kill” rather than “software should be free.”

I’d argue that the people speaking against “thy shalt not kill” because “software should be free” are standing on shaky ethical ground. The argument that the idea of “software freedom,” the ability to reuse code, is more important than human life is not a place where you should stand. It is not the hill that you should die on.

Tangential to this argument is another. Some people are now arguing that cloud computing is bringing us back into another war against vendor lock in. That many services are effectively closed and proprietary, and even services that are based on open source carry proprietary extensions. This is an argument in support of the GPL, in support of copyleft.

To a certain extent I think they’re right, we do have a problem with vendor lock in with the cloud. But I think the cloud is a very different battle than the one that was fought against proprietary software back in the 90’s. Because even if you had the source you literally couldn’t replicate Google or Amazon’s cloud. The hardware, and the scale it is deployed at, is the secret sauce. Not the software. Licensing be damned.

I don’t think source code will help with the vendor lock in problem. Instead we’re at the point where legislation, like the GDPR, is necessary. Because the GDPR defines a person’s rights to data portability, and in the long term, I think that’s going to be far more important.

The problem inherent with hosted services isn’t the ability to replicate the service, most people, most of the time, will be unable to do so even if they had the source. Instead the problem is the data, our data. We should therefore be worried about data portability licenses, not open source.

Who owns your data, and how easy is it to move between providers, if there is even another provider you can move to, is far more problematic than whether you can see your providers source code.

The current battles are far more around data, and privacy, than software.

In the end almost every argument comes down to ‘it depends’ and predictably this is uncomfortable for a lot of people. But what should make you really uncomfortable is the idea that people are so unwilling to compromise ‘open source principals’ that the idea of an ethical license that restricts the use of the software for what the author see as ‘good’ is a problem. Because what makes me really uncomfortable is people that seemingly unable or unwilling to compromise.