Proprietary Software And Our Hackable Elections

Bloomberg reports that:

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database….the Russian hackers hit systems in a total of 39 states

In Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I wrote:

Oversight of elections, considered by many to be the cornerstone of modern representational democracies, is a governmental function; election commissions are responsible for generating ballots; designing, implementing, and maintaining the voting infrastructure; coordinating the voting process; and generally insuring the integrity and transparency of the election. But modern voting technology, specifically that of the computerized electronic voting machine that utilizes closed software, is not inherently in accord with these norms. In elections supported by these machines, a great mystery takes place. A citizen walks into the booth and “casts a vote.” Later, the machine announces the results. The magical transformation from a sequence of votes to an electoral decision is a process obscure to all but the manufacturers of the software. The technical efficiency of the electronic voting process becomes part of a package that includes opacity and the partial relinquishing of citizens’ autonomy.

This “opacity” has always meant that the software used to, quite literally, keep our democracy running has its quality and operational reliability vetted, not by the people, or their chosen representatives, but only by the vendor selling the code to the government. There is no possibility of say, a fleet of ‘white-hat’ hackers–concerned citizens–putting the voting software through its paces, checking for security vulnerabilities and points of failure. The kinds that hostile ‘black-hat’ hackers, working for a foreign entity like, say, Russia, could exploit. These concerns are not new.

Dexter and I continue:

The plethora of problems attributed to the closed nature of electronic voting machines in the 2004 U.S. presidential election illustrates the ramifications of tolerating such an opaque process. For example, 30 percent of the total votes were cast on machines that lacked ballot-based audit trails, making accurate recounts impossible….these machines are vulnerable to security hacks, as they rely in part on obscurity….Analyses of code very similar to that found in these machines reported that the voting system should not be used in elections as it failed to meet even the most minimal of security standards.

There is a fundamental political problem here:

The opaqueness of these machines’ design is a secret compact between governments and manufacturers of electronic voting machines, who alone are privy to the details of the voting process.

The solution, unsurprisingly, is one that calls for greater transparency; the use of free and open source software–which can be copied, modified, shared, distributed by anyone–emerges as an essential requirement for electronic voting machines.

The voting process and its infrastructure should be a public enterprise, run by a non-partisan Electoral Commission with its operational procedures and functioning transparent to the citizenry. Citizens’ forums demand open code in electoral technology…that vendors “provide election officials with access to their source code.” Access to this source code provides the polity an explanation of how voting results are reached, just as publicly available transcripts of congressional sessions illustrate governmental decision-making. The use of FOSS would ensure that, at minimum, technology is held to the same standards of openness.

So long as our voting machines run secret, proprietary software, our electoral process remains hackable–not just by Russian hackers but also by anyone that wishes to subvert the process to help realize their own political ends.

Should Free Software Go Into the Public Domain?

I’ve just finished an interesting Twitter conversation with Glyn Moody (author of Rebel Code: Linux and the Open Source Revolution, still one of the best books on the free and open source software phenomenon). Moody has written a very interesting article over at TechDirt, which wonders whether the time has come to put free and open source software into the public domain rather than releasing it under a variety of licenses which rely for their efficacy on copyright law. (Moody’s article finds its provenance in a paper by Clark Asay, who argues that FOSS could be released into the public domain and yet still thrive as a collaborative project.)

My initial response to Moody’s article was skeptical. (Full disclosure: I have not read Asay’s article but will soon do so.) Several years ago, in our book Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I had argued for the superiority of FOSS licenses like GPL over permissive licenses like the BSD because of the worry that the latter made free-riding possible. (Those arguments are still relevant though I will not repeat them here; please do check out the link.)

Moody addresses this worry by quoting Asay:

if a firm were to take and close a project, they almost certainly would not obtain the free labor that contributors around the world are willing to provide to open-licensed projects. Without that free labor, firms would lose the most significant advantages of an open model of innovation, and the free labor would likely remain loyal to the open version of the project. Firms thus already have incentives to open and contribute as much of their materials as possible, since doing so will attract free labor and trigger innovation in directions that better suit the firm and its strategic direction.

and then goes on to say:

The key point is that the code without the community that creates it is pretty much dead. A company may gain a short-term advantage in taking public domain code and enclosing it, but by refusing to give back its changes, it loses any chance of collaborating with the coders who are writing the future versions. It will have no influence, and no way of raising issues of particular concern that help it with its products. Instead, it will have to keep up the development of its own version of the code single-handed. That’s likely to be costly at best, and may even be impossible except for the very largest companies (Apple is an example of one that has succeeded, basing its Mac OS X operating system on the free BSD version of Unix.)

As I noted in my conversation with Moody, I’m considerably less sanguine than he is about these prospects. I do not doubt that FOSS has made great inroads in the world of software (Moody quotes figures like ‘94% of top supercomputers run Linux; 75% of smartphones run Android; tablets next…’). What I do doubt is whether the value of free software is understood at a more conceptual level so that the closing of a formerly open project would be viewed as a bad thing by the developer community (and by users). Moody thinks so, of course, hence our polite disagreement. (I also think new laws will be needed to protect developers from patent infringement claims.)

In any case, I think the argument is an interesting one especially as one might think that copyright protection was only required for FOSS because of the onerous copyright regimes that it exists in and that a move to the public domain would become easier in an environment that understands FOSS’ promise better and so would be less tolerant of the closing of a formerly open project (like Apple closed BSD). Again, this will only happen in a different legal regime.

Hopefully, I’ll get the time to read the Asay article and respond to it more thoughtfully sometime soon. In the meantime, comments welcome.

Free Software and ‘Appropriate Technology’

Last week, as part of a panel session organized at Queens College of the City University of New York, I spoke briefly on ‘Free Software and Appropriate Technology.’ I began by introducing the term ‘appropriate technology’ by setting it in the context of India’s attempts to achieve self-reliance in energy production, an effort that in the 1970s involved a serious interest in nuclear power. This effort had become the subject of a fierce critique by Professor Dhirendra Sharma of the Jawaharlal Nehru University, who suggested in his book, India’s Nuclear Estate that nuclear power was an ‘inappropriate technology’ for India: it encouraged centralization of political power, made energy into a national security issue with its concomitant secrecy, encouraged dependence on erstwhile colonial powers and the signing of treaties that were detrimental to national sovereignty, and more to the point, was expensive, unproven, and unlikely to meet India’s growing energy needs. (Sharma’s efforts did not meet with favor in the councils of power; he was ‘transferred’ to the School of Languages from the School of Sciences as a reprimand, a bizarre move that did nothing to silence Sharma and merely directed more attention to his writings.) Over the course of a few conversations with Sharma I grew to develop an understanding of the notion of ‘appropriate technology’, which might not have been in complete accordance with those who first coined the term, but which did a great deal to provide me with an evaluative framework for thinking about technology and its connection with politics.

I then moved on to making the case for free software as an appropriate technology for India. As Scott Dexter and I noted in our book, Decoding Liberation: The Promise of Free and Open Source Software:

FOSS provides a social good that proprietary software cannot; for example, FOSS may be the only viable source of software in developing nations, where programming talent is abundant but prices for proprietary-software  licenses are prohibitive. Countries such as China and India have seen in FOSS an opportunity to draw on their wealth of programming talent to provide the  technological infrastructure for their rapidly expanding economies. Microsoft’s substantial investments in Indian education initiatives may be prompted by worries that free software might fill indigenous needs instead. FOSS has been cited by Venezuelan President Hugo Chavez as a key element of achieving economic independence from the global North. At the 2005 World Social Forum in Porto Allegre, the Youth Camp focused largely on  FOSS issues. This enthusiasm for FOSS extends to the industrialized First World as well, as many members of the European Union adopt it for governmental administration. [citations removed]

To emphasize the point made in the first sentence above: FOSS prevents lock-in with a monopolistic vendor; it provides an educational laboratory for a country where education in advanced technology is necessary to sustain its economic growth; it encourages autonomous development of software applications and local skills; its price is right, especially if local talent can train themselves on it; it is the ideal software base for the educational system; and so on.

The case is compelling, I think.

Video Game ‘Cloning’: What Is It Good For?

Cloning of video games is a Bad Thing. Or so sayeth Brian X. Chen and some video game developers (New York Times, March 12th, ” For Creators of Games, A Faint Line on Cloning”). Roughly, the thesis advanced is: ‘cloning’ can be destructive of developer motivation and the video game market, and thus seems to require legal intervention (by the application of patenting protections). I want to raise some questions that I hope will complicate the picture Chen provides us of innovation and its relationship to its legal regulation.

So,

In any commercialized art form, be it movies, literature or fashion, the creators often tread a fine line between inspiration and shameless copying. Some small video game makers say that line seems to have all but disappeared….“When another company takes inspiration from the game and they try to make a different game out of it, that’s when getting imitated turns into a compliment,” said Rami Ismail, a co-founder of Vlambeer. “Getting cloned is like getting punched in the face. It’s like a robbery.” Demoralized, Vlambeer stopped development of Ridiculous Fishing for several months. “It was kind of a motivation black hole,” said Jan Willem Nijman, another founder. “It almost destroyed Vlambeer.”

So, copying is ‘shameless’; the imitated seems to think it is both a ‘compliment’ and ‘like getting punched in the face’ and like ‘robbery;’ it can act as demotivator. Ismail’s statement starts by noting ‘inspiration’ and the creation of ‘different games’, which would seem to be a good thing (for game players at least). But something goes wrong: even though a new game has been created, it has employed ‘cloning’, the copying of  “the soul of a game — its gameplay mechanics, design, characters and storyline — “. And this has demotivated the folks at Vlambeer.

This story raises questions well worth pursuing. What did Vlambeer do? Did it make another game? Did the presence of the new, ‘cloned’ game force them into other innovative avenues of development, rather than just working on a previously explored artistic niche? Did the cloning prevent Vlambeer from staying safely and staidly on the same beaten track? What brought Vlambeer back to working on games? What do they work on now and how? More generally, is it the case that those developers whose games have been ‘cloned’ start working on another game or do they exit the development market? Does cloning produce an arms race with games developers innovating furiously to maintain a cutting edge?

Other questions suggest themselves. Did consumers get more games out of this episode of cloning? Were the ‘cloned’ versions of the game better in any regard? Even if the “gameplay mechanics, characters and storyline” are ‘cloned’ what does it mean to say the ‘design’ was cloned? Was the interface of the cloned version identical, or did the interface work ‘better’ in some interesting dimension? For instance, are any of the ‘cloned’ games faster? Do they load quicker? Do game players indicate their preferences for these new games in any way?

After not raising these questions, Chen turns to possible legal protections and regimes:

One reason that cloning is so frequent in the game industry is that there is no easy way to protect a game. A piece of published writing or a photograph can be copyrighted, but not the mechanics of a game. Small game makers could seek patents protecting software design, but they generally shy away from this because acquiring a patent can be both time-consuming and relatively expensive, said Ellisen Shelton Turner, an intellectual property lawyer at Irell & Manella in Los Angeles.

In addition, because games so often draw inspirations from previous works, many game creators believe that patent protections could stifle creativity in future games, Mr. Turner said. “A lot of them are anti-patents,” he said. “And only in hindsight do they think patents are the proper thing to do when someone has stolen their idea.”

But what are the ‘mechanics’ of a game and why are they kinds of things that could be copyrighted? Turner claims that developers shy away from acquiring patents because of the difficulties of the process but then in the next sentence puts it down to their acknowledgment of the creativity-stifling potential of patent protection. Those same developers might know that their development has drawn freely on the creative output of other developers and that seeking patent protections might be damaging to the ecology of the game development world; developers might be more cognizant of this ecology and its particular constraints, than say, corporate ‘intellectual property’ lawyers.  The belated self-knowledge that Turner ascribes to game developers might rather be their acknowledgment of the particular contours of their development community: that their decision to not seek patents  comes with a price attached while contributing to very particular freedoms enjoyed by game developers.

Finally, the central claim, that cloning results in bad outcomes:

The founders of Vlambeer, the maker of Radical Fishing, said they disagreed that cloning was good for consumers. They said cloning would make it more difficult for small companies to take risks on new ideas, but easy for big companies to succeed by rehashing old ideas. As a result, all new games could look extremely alike and unoriginal.

“If we go into that sort of spiral we’ll end up in a place where there’s only cloners, and there’s a limited amount of creativity happening,” Mr. Ismail said. “That’s the biggest horror scenario.”

This ‘horror scenario’ seems overstated. First, in light of the questions raised above. Second, because, peculiarly, in the scenario envisaged, game players appear to have no agency, no discrimination. They do not grant any game-maker first-mover advantage, they seem not to select between games, they mindlessly take on clones just because they are similar to extant games.

‘Cloning’ suggests the creation of identical copies; but the situation at hand deals with new games that incorporate central features of the older game. This fact, and the nature of the game development process, which draws on a ‘commons’ of code, algorithmic techniques, and a grab-bag of tricks and solutions to game development problems, considerably complicates the picture of the game development world and its possible legal regulation that emerges from Chen’s article.

FOSS Licenses: Hackers As Legal Maestros

Over at Concurring Opinions, Biella Coleman writes a very good post on her anthropological work on hackers. In it Biella states what many of us who have looked at the world of free and open source software think:

[M]any developers are nimble legal thinkers, which helps explain how they have built, in a relatively short time period, a robust alternative body of legal theory and laws

I don’t fully agree with the reasons that Biella gives for why this might be so (i.e., similarities between programming and the writing of laws), but I don’t doubt for a second that this is true. Anyone that comes into contact with free and open source software (FOSS) licensing, and with the rich, vibrant discourse that permeates the FOSS community about about copyright and patent law will know that many hackers know the law really well, and they know how to hack the law to make it work for them.

So I found Orin Kerr’s response curiously skeptical:

Can you give a few examples of how the group you have studied are “nimble legal thinkers”? And what are the “robust alternative body of legal theory and laws” that you mention? I think I can say I’ve been somewhat near this space for a few years and I wouldn’t reach that conclusion: I’ve encountered a lot of naive and self-serving legal claims over the years, but not a lot that I would call nimble or robust.

I think the replies in the comments space address Kerr adequately but I’d like to throw in my tuppence in any case. And I’ll do so by talking about what I know best: FOSS licensing.

First, I think FOSS licenses present an alternative body of legal constructs that show how within a political economy that was increasingly becoming proprietary and using copyright, patent and trade secret law to lock down its content (copyright executables; patent algorithms; treat code as trade secrets), an alternative zone of creation can be created, which can flourish, be viable, and be richly productive of more and better code. (Look for instance, at how FOSS licenses solve the problem of protecting their projects from patent infringement lawsuits, and how they solve the problems inherent in multiple-authorship of a body of code).

Second, as for being “nimble” thinkers, I think copyleft licensing is a work of genius–hats off, Richard Stallman and Eben Moglen–and represents, in my mind, one of the cleverest backs to the legal system that I’ve seen. The GPL–in all its incarnations–reveals a deep understanding of the law, and how best to utilize it to bring about desired ends–solving the problem of non-reciprocity that could create a tragedy of the commons–within an existent legal framework (the GPL’s  protection of the commons gives it a practical and ethical advantage over other FOSS licenses). Read GPL V3 and look at how cleverly it addresses the challenges that made it’s release necessary; it’s “nimble” all right. Any lawyer that reads the GPL, understands it, and gets what it is trying to do, should be struck by the sheer cleverness of how copyright law can be made to serve ends that might not look like its original intended ones, but actually turn out to be in great resonance with them.

Third, I don’t think it is any exaggeration to say that a great deal of thinking about how artistic content in the new political economy of the digital world could be distributed and regulated in a way that is respectful of artists and consumers’ interests alike, has been inspired by FOSS licensing. (Creative Commons licensing is a very good example of this; that body of licenses presents an alternative way to deal with artistic content today; it isn’t perfect, but it’s a start, and it got started by FOSS licenses). Sometimes I wonder indeed, if anyone talking about the new digital economy and how to legally configure hasn’t been inspired by FOSS licensing and practices somehow.

When it comes to being “self-serving,” I’d suggest that there is a general tendency in the legal academy to simply not admit that law can be “done” by non-lawyers, that a body of rules built up over a period of time can be “hacked” by others than them.