Open source is under attack from new EU copyright laws.
Open Source and copyright are intimately related. It was Richard Stallman's clever hack of copyright law that created the General Public License (GPL) and, thus, free software. The GPL requires those who copy or modify software released under it to pass on the four freedoms. If they don't, they break the terms of the GPL and lose legal protection for their copies and modifications. In other words, the harsh penalties for copyright infringement are used to ensure that people can share freely.
Despite the use of copyright law to police the GPL and all the other open source licenses, copyright is not usually so benign. That's not surprising: copyright is an intellectual monopoly. In general, it seeks to prevent sharing—not to promote it. As a result, the ambitions of the copyright industry tend to work against the aspirations of the Open Source world.
One of the clearest demonstrations of the indifference of the copyright world to the concerns of the Free Software community can be found in Europe. Proposals for reform of copyright law in the European Union contain one element that would have a devastating effect on open-source coding there. Article 13 of the grandly titled "Directive Of The European Parliament And Of The Council on copyright In The Digital Single Market" contains the following key requirement:
Information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users shall, in cooperation with rightholders, take measures to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures, such as the use of effective content recognition technologies, shall be appropriate and proportionate.
Translated into practical terms, this means that sites with major holdings of material uploaded by users will be required to filter everything before allowing it to be posted. The problems with this idea are evident. It represents constant surveillance of people's online activities on these sites, with all that this implies for loss of privacy. False positives are inevitable, not least because the complexities of copyright law cannot be reduced to a few algorithmic rules that can be applied automatically. That, and the chilling effect it will have on people's desire to upload material, will have a negative impact on freedom of expression and undermine the public domain.
The high cost of implementing upload filters—Google's ContentID system required 50,000 hours of coding and $60 million to build—means that a few big companies will end up controlling the market for censorship systems. Their oligopoly power potentially gives them the ability to charge high prices for their services, which will impose burdens on companies in the EU and lead to fewer online startups in the region. Other problems with the idea include the important fact that it seems to go against existing EU law.
Article 13 has been drawn up mainly to satisfy the barely disguised desire of the European copyright industry to attack successful US companies like Google and Facebook. But the upload filter is a very crude weapon, and it will affect many others who—ironically—will be less able than internet giants to comply with the onerous requirement to censor. For example, it is likely that Wikipedia will be caught by the new rule. After all, it hosts huge amounts of "subject-matter" that is uploaded by users. As a post on the Wikimedia blog pointed out: "it would be absurd to require the Wikimedia Foundation to implement costly and technologically impractical automated systems for detecting copyright infringement."
But for readers of Linux Journal, perhaps the most troubling aspect of Article 13 is how it would affect open source. Another class of websites that "provide to the public access to large amounts of works or other subject-matter uploaded by their users" are collaborative software platforms and code repositories. As a site called Savecodeshare.eu, set up by the Free Software Foundation Europe and OpenForum Europe (full disclosure: I am an unpaid Fellow of the related OpenForum Academy), explains:
As a result of this ongoing copyright review, every user of a code sharing platform, be they an individual, a business or a public administration, is to be treated as a potential copyright infringer: their content, including entire code repositories, will be monitored and blocked from being shared online at any time. This restricts the freedom of developers to use specific software components and tools that in return leads to less competition and less innovation. Ultimately this can result in software that is less reliable and a less resilient software infrastructure for everybody.
As a detailed white paper on the problem from the same organization explains, at risk are key websites, such as Software Heritage, GitHub, GitLab, GNU Savannah and SourceForge. It points out that under the proposed law, these sites would be directly responsible for a wide range of user actions, including uploading unauthorized copies of software or other material and using code in ways that are not compliant with their original licenses. Since it will be hard if not impossible for many of these sites to prevent those things from occurring, it is quite likely some will block all access from European users and shut down their operations in the EU. Open-source projects may be forced to do the same. In the white paper, KDE board member Thomas Pfeiffer is quoted as saying:
To what extent KDE is directly impacted by the proposed regulation fully depends on whether the above setup would make us "information society service providers storing and giving access to large amounts of works and other subject-matter uploaded by their users". If yes, then we would probably need to move most of our infrastructure and organization outside of the EU.
Figure 1. Services Affected by Article 13 (Image Courtesy of EDiMA: http://edima-eu.org/wp-content/uploads/2018/01/Services-affected-by-Article-13-Infographic.jpg)
Clearly, the potential impact of the Copyright Directive's Article 13 on the way open source is created around the world is considerable. The good news is that the new EU law has not yet been finalized and is still in a state of flux. The bad news is, it's not getting better.
For example, the politician overseeing the passage of the new law through the European Parliament has recently proposed an amendment that would exempt major sites from upload filters on the condition that they sign formal licensing agreements with all the copyright owners of the material they host. For code repositories, that's an impossible task given the volume of the files that are uploaded—there is no collecting society for coders, as there is for musicians or authors, say, to give blanket permission for all the hosted material. Any form of Article 13 with either upload filters or mandatory licensing is unworkable for key sites in the Open Source world.
Its fundamental flaws mean that Article 13 must be removed from the Copyright Directive. A multilingual site called Savethememe.net has been set up to make it easy to speak directly to members of the European Parliament, who will have a decisive vote on the proposals. Another course of action is to spread the word about how harmful Article 13 would be for the entire open-source ecosystem, and the negative knock-effects this would have on global innovation and society. The more that programmers are aware of the problem and make noise about it everywhere, the more the code repositories worst affected can point to the mounting global concern about the impact of the upload filters, and the greater the impact of their calls to drop Article 13 completely.
About the Author
Glyn Moody has been writing about the internet since 1994, and about free software since 1995. In 1997, he wrote the first mainstream feature about GNU/Linux and free software, which appeared in Wired. In 2001, his book Rebel Code: Linux And The Open Source Revolution was published. Since then, he has written widely about free software and digital rights. He has a blog, and he is active on social media: @glynmoody on Twitter or identi.ca, and +glynmoody on Google+.