Software: annoying speech or crappy product?
03 July 2017
Zeynep Tufekci, in the New York Times:
Since most software is sold with an “as is” license, meaning the company is not legally liable for any issues with it even on day one, it has not made much sense to spend the extra money and time required to make software more secure quickly.
The software business is still stuck on the kind of licensing that might have made sense in the 8-bit micro days, when "personal computer productivity" was more aspirational than a real thing, and software licenses were printed on the backs of floppy sleeves.
Today, software is part of products that do real stuff, and it makes zero sense to ship a real product, that people's safety or security depends on, with the fine print "WE RESERVE THE RIGHT TO TOTALLY HALF-ASS OUR JOBS" or in business-speak, "SELLER DISCLAIMS THE IMPLIED WARRANTY OF MERCHANTABILITY."
But what about open source and
collaboration and science, and all that
stuff? Software can be both "product" and
"speech".
Should there be a warranty on speech? If I dig up my
shell script
for re-running the make
command when a
source file changes, and put it on the Internet,
should I be putting a warranty on it?
It seems that there are two kinds of software: some is more product-like, and should have a grown-up warranty on it like a real busines. And some software is more speech-like, and should have ethical requirements like a scientific paper, but not a product-like warranty.
What's the dividing line? Some ideas.
"productware is shipped as executables, freespeechware
is shipped as source code" Not going to work for
elevator_controller.php
or a home router security
tool written in JavaScript.
"productware is preinstalled, freespeechware is downloaded separately" That doesn't make sense when even implanted defibrillators can update over the net.
"productware is proprietary, freespeechware is open source" Companies could put all the fragile stuff in open source components, then use the DMCA and CFAA to enable them to treat the whole compilation as proprietary.
Software companies are built to be good at getting around rules. If a company can earn all its money in faraway Dutch Sandwich Land and be conveniently too broke to pay the IRS in the USA, then it's going to be hard to make it grow up licensing-wise without hurting other people first.
How about splitting out the legal advantages that the government offers to software and extending some to productware, others to freespeechware?
Freespeechware licenses
license may disclaim implied warranty
no anti-reverse-engineering clause in a freespeechware license is enforceable
freespeechware is not a "technological protection measure" under section 1201 of Title 17 of the United States Code (DMCA anticircumvention)
exploiting a flaw in freespeechware is never a violation of the Computer Fraud and Abuse Act
If the license allows it, a vendor may sell freespeechware, or a derivative work of it, as productware. (This could be as simple as following the
You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.
term of the GPL.)
Productware licenses:
license may not disclaim implied warranty
licensor and licensee may agree to limit reverse engineering rights
DMCA and CFAA apply (reformed of course, but that's another story)
It seems to me that there needs to be some kind of quid pro quo here. If a company that sells software wants to use government-granted legal powers to control its work, that has to be conditioned on not using those powers just to protect irresponsible releases.