Recently RedHat’s Open Source advocacy effort, Open Source Now, sent out a notice about concerns it has over the Uniform Computer Information Transactions Act (UCITA). Three issues were of primary concern about the UCITA:

  • Recognition of open source by reference and/or definition.
  • Exemption of open source software from mandatory warranties.
  • Exceptions to permit reverse engineering of software.

What follows is what I submitted to RedHat, expressing my views on these issues.

Problems with the UCITA

I strongly agree with the minimal amendments that RedHat proposes, specifically the exemption of Open Source from mandatory warranties, and the legality of reverse engineering.

As an Open Source and Free Software author of several moderately-well-known programs, I cannot conceive of how I should be held accountable for a warranty applied to software I freely give out, for the benefit of all. The licenses I use, the GNU General Public License and its friend, the GNU Lesser General Public License, specifically state that the software I distribute is done so without any warranty whatsoever. This license has been applied to thousands of pieces of software for over a decade. It is considered to be one of the strong points of the entire Open Source and Free Software communities.

Consider even software placed in the public domain; how in the world should the author be held responsible for something that is freely available? My mind boggles at the concept.

Consider even software released by Computer Science researchers that is meant for experimental, research use. Why should they be held accountable for experimental, bleeding-edge software? If they were, they would not release their research, and peer-review of research software would disappear in a flash.

Consider the Open Source Linux modifications recently released to the public by the NSA, dubbed “Security-Enhanced Linux”. Should the NSA be held accountable by a warranty for any potential bugs in their modifications?

In fact, with Open Source and Free Software, a warranty is much less needed compared to proprietary, closed-source software. With Open Source and Free Software, since the human-readable source code is available, any technical person has the ability to modify the program, and fix problems in it; there is no mandatory need for vendor support; users can be their own fixers. While most people do not possess the technical skills to modify their own software, the community at large possesses hundreds of thousands, if not millions, of Open Source and Free Software developers that are willing to take on practically any task. So even without a warranty, Open Source and Free Software users do have refuge from needing to rely on vendors.

Hence, I suggest that it can be concluded that to mandate Open Source and Free Software authors to be held accountable by warranty is an extremely ill-advised idea, and I strongly oppose any such pieces of law that mandate it.

Concerning reverse engineering, I will first state that I have done little reverse engineering myself. However, I have benefited greatly from the reverse engineering done by others. Reverse engineering of protocols and data formats ensures interoperability and more modular systems.

Consider the monopolistic position that Microsoft has. A good part of the reason they have been able to maintain this monopoly has been through the non-disclosure of their communications and data formats. Without the reverse engineering done by the Samba team, which creates a unix version of the Windows Network Neighborhood, the gap between Windows and unix would be even greater; Microsoft would hold an even more monopolistic position, able to carry out its illegal practices with even more ease.

The internet has grown through open protocols and open data formats. Email, web documents, web (HTTP and HTTPS) protocols, IRC chat, TCP/IP networking, the list goes on and on. The infrastructure of the internet is open. Without openness, we would not have the internet experience as we have it today. Disallowing reverse engineering only helps close up the internet.

When one performs reverse engineering, one is attempting to gain access to a trade secret (the protocol, format, or program code). There should be no reason we should be trying to protect these trade secrets; there is nothing wrong with reverse engineering in itself, so we should not be creating laws to protect these by disallowing reverse engineering. If reverse engineering were disallowed, these trade secrets would be covered effectively with the full power of a patent, without the need for disclosure. That is, we get the worst of both worlds: no disclosure, and no freedom to replicate or learn from design. We should mandate that the software producer choose one or the other: either open protocol under patent (if it so deserves a patent, of course), or under a trade secret, subject to possible reverse engineering.

Hence, I conclude that to disallow reverse engineering is an ill-advised concept, and I strongly oppose any bill that would make it law.

In conclusion, I hope that my arguments show that the pieces of the UCITA that RedHat is against are not well-thought-out pieces of law, with very negative consequences, and hence I strongly oppose the UCITA.