The Futility of the Hippocratic License

Gary McGath
Oct 7 · 5 min read

Imagine buying a screwdriver and having to sign an agreement saying, “I promise not to use this to assemble terrorist weapons.” The exercise would be pointless. When it comes to software, such a requirement is even more futile.

The Hippocratic License, based on the MIT Open Source License, bans uses for certain purposes:

The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights.

Hippocrates
Hippocrates
Hippocrates. Source: Wikimedia Commons.

It’s gotten some attention recently because of an article by Cory Doctorow on BoingBoing. He notes that the license has been deemed incompatible with the Open Source Definition (OSD) because OSD licenses may not “restrict anyone from making use of the program in a specific field of endeavor.” There’s a reason for that, but it’s not the only problem with the license.

I don’t have any special legal expertise, but I have years of experience as a freelance software developer and know my way around contracts. If any client handed me a contract with terms like that, I wouldn’t be able to take it seriously.

Principles vs. contractual terms

The Declaration of Human Rights is a statement of broad principles, not contractually enforceable terms. Article 3 states, “Everyone has the right to life, liberty and security of person.” What constitutes a violation of the article is a huge area of debate. Does the death penalty inherently violate the right to life? Does abortion? How can people’s actions be restricted without violating their right to liberty? Some people are certain of their answers, but others are equally adamant about different answers.

The same applies all through the declaration. What constitutes “degrading” punishment or an “arbitrary” arrest? What actions do governments need to take to respect the right to asylum? People have written volumes on these questions. Expecting a court to rule on them in a software licensing case is unreasonable.

Cory Doctorow writes that Ada Ehmke, the author of the license, “counters that the UN’s Declaration has 70 years’ worth of interpretive cases and scholarship that clears up this ambiguity.” But a large quantity of work on a subject doesn’t turn it into objectively enforceable rules. There are ongoing debates on all aspects of human rights.

The intent of the Universal Declaration of Human Rights is to provide a framework for laws. Laws based on it should contain enough detail to be enforced in court. Legislation is notorious for its inconsistency, even when it claims to be based on a set of founding principles.

Enforcing compliance

Expecting a serious chance of enforcing the license is unrealistically optimistic. The GPL is enforceable when businesses modify and republish licensed software. If they don’t, who’s to know that they’re even using the code?

If a court can stop a violation of human rights, that should be its main concern. If it can’t, how can it stop the use of open-source software to violate them? Ruling that “the defendant is hereby enjoined from using FreebieMail to deliver its assassination orders” would seriously miss the point.

Don’t expect voluntary compliance. If a government tortures political prisoners, it isn’t going to worry about whether it’s violated an open-source license. If its courts say torture is fine, they aren’t going to order the torturers to stop creating their “productivity” reports with Hippocratic License software.

Easy workarounds

If a government is somehow ordered to stop using licensed software, all it has to do is outsource its use to a nominally clean subsidiary. The delegated organization doesn’t need to know what abuses are going on or what role its data operations play in them.

An even simpler trick is to use a cloud application. The software is licensed to the cloud operator, not to the people using it to engage in horrors. The cloud provider isn’t supposed to ask about what its services are used for, especially when they’re stamped as national security secrets.

Who carries the responsibility for knowing how a system will be used? As long as the people using the software aren’t told about its ultimate uses, they carry no responsibility. Governments and criminal gangs routinely carry out violations of rights in secret.

Data processing activity can serve either good or evil. Software to design a bomber can design a civilian aircraft. The bomber could be used to destroy an aggressor’s capacity for conquest or to kill the innocent. It’s the use which turns a computational process into a violation of people’s rights. People are happy not to know the answers to difficult questions about the use their work will go to.

Would we want this kind of license?

The license won’t get anywhere in achieving its intended goals. Ehmke says that the OSD doesn’t let software creators ensure that “our technology isn’t used by fascists,” but the Hippocratic License won’t stop “fascists” from using any software. In any case, would we even want open-source licenses that restrict use to be enforceable? There’s a reason the OSD excludes such restrictions, and it’s not to protect fascists.

Once restrictions on the use of open-source code are admissible, all of them are. You can’t allow just “nice” restrictions. When they’re allowed, the principle of neutrality goes out the window. A corporation could prohibit the use of its code in ways that compete with it. A conservatively-minded author might release film-editing software but say it can’t be used to make porn. Governments might pressure software creators to issue their code under restrictive licenses. That’s not “free as in freedom” but the opposite.

If the Hippocratic License could be enforced, it would accomplish nothing. Code creators would rarely be able to stop anyone from using their software in harmful ways. The institutions that respect human rights the least would pay no attention or would use easy workarounds. All enforcement could do is set a precedent for other restrictive licenses serving special interests. Intimidating a small business or private individual is much easier than stopping a vicious government.

The Hippocratic License fails the “do no harm” test. Its intent may be good, but it won’t impede any violations of human rights. It can only let software creators feel they’re off the hook, while setting a precedent for harmful licenses.

Gary McGath

Written by

Freelance writer, lover of liberty, music, and cats. Computer geek. Other interests include bicycling, history, philosophy, and science fiction.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade