Implications of the Web for Free and Open Source Licenses

The notion of “software as service” is challenging the concept of software similarly to the way today’s global economy is challenging the idea of what it means to be a company.

As bizarre as it might sound, Japanese brands are often manufactured in the United Sates, while American cars are often manufactured in Mexico. If parts of the car are made all over the world by different companies and finally assembled by Ford, what exactly is Ford selling? The tightening of screws at the end of a complex production line? The “service” of getting your car made by… whoever?

Cooperation between Detroit and Japanese brands has produced some joint models that still carry different brand names and design. The new, stylish Pontiac Vibe and Toyota Matrix hatchbacks, for instance, are mechanically similar because of an agreement between General Motors and Toyota.

Until recently, companies have often manufactured the major parts of the products they produced, but now through mechanization, companies are much less dependent on direct manufacturing. Manufacturing is now performed by other companies that larger companies package and sell to the public.

Judgment reserved.

With that said, what is the difference between an application installed on your local computer and one installed on a machine in a network? Both systems produce data that is packaged and transmitted through some electrical system and gets assembled and displayed on a screen. Historically the access point for the data has been the operating system’s windowing system, but now we are seeing many of these functions being performed by a web browser instead of being opened directly on the OS. This begs the question: how heavily processed can the data be when rendered by a browser before it is apparent that one never actually runs applications locally? What does it even mean to run a program locally? And what are the implications of this for free and open source licenses? With human readable XML as the new binary, what are web applications required to provide in order to comply with free and open source licenses?

Like manufacturing, the value no longer appears to be in the processing of data but in the collection and handing off of processed information: the service. This happened with the commodification of software, which the free and open source movements played an important role in bringing about. Now it seems that ‘outsourcing’ is creeping up to a higher level and is no longer limited to building applications but can apply to the processing of data.

A simple example is email: Webmail was one of the first web applications and is now the most popular. Webmail has become so popular that many people don’t bother setting up any local email clients. Another good example that is still in its infancy is the Facebook/Myspace phenomenon. While local address books are still necessary, it appears that eventually some form of direct connectivity is necessary between contacts, and social networking sites are providing the first generation of this shift. The value is no longer just in holding the information but in creating relationships by having this information on a greater network.

So Facebook/Myspace is not simply for holding emails, addresses, and sharing photos. These are applications that free the user from the notion that applications need to be local. In many industries local applications are becoming less relevant, especially when the value created by the networked application is fully realized. The tools themselves that make this possible, like Linux and Apache, have become stable commodities and the focus is now on the service industries that they’ve created.

And that, after all, was my message: not that open source licenses are unnecessary, but that because their conditions are all triggered by the act of software distribution, they fail to apply to many of the most important types of software today, namely Web 2.0 applications and other forms of software as a service.

When open source licenses were developed, we thought of software as something that processed local and isolated data, or sometimes data in a limited network. The ability to access or process that data depended on the ability to have the software installed on your machine. There has always been a direct connection between the application and the data being processed.

According the the Free Software foundation:

Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:

• The freedom to run the program, for any purpose (freedom 0).
• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

Many popular web applications now open their web APIs, which allow other applications to access their data. These APIs allow users to build complex tools that collect data from multiple sources, similar to the way UNIX allows you to stack smaller applications and connect them together. Even if the back-end source code of these web applications was released, the application is often so heavily dependent on the information that it stores that it won’t necessarily be useful. That is not an argument for or against releasing back-end code, but is just to say that we’ve reached a point in software that accessing the data is more important than the process of how it is generated.

So as data becomes cheaper to process, the value appears to be in its analysis; making creative connections and correlations between dispersed data and unrelated pieces of information. The dominant paradigm is shifting from the individual’s ability to process data towards the individual’s ability to access the preprocessed value created by large networks.

I don’t think that the answer is to try to make free and open source licenses that restrict the behavior of web applications, so that, for example, the GPL would bind Amazon or Google and keep them from using Linux

What does all this mean for free and open source licenses? Well, as the boundary between local and remote applications gets blurred, it’s becoming clear that the licenses devised for local software are not well suited to the latest wave of web-based applications.

A new standard must be defined for these applications, one that considers the vast amounts of user data they are processing, storing and transmitting. A new standard has to strike a balance between the rights of the individual user and the right of the service provider to control and leverage the user’s data as an integral part of their networked application.
The next wave of ethical software must address the following issues:

• Individual ownership of data – Who owns personal information?
• Individual’s privacy – How is information shared? How anonymous is broad analysis?
• Redistribution of reprocessed data – Can I reuse the data in a new application?
• Cross compatibility between related networks – How easily can I move between competing services?
• Data Removal – How much information is retained after unsubscribing from the service?
• End of Service – What is the strategy for the stored data if the service fails?