freedom ‘for users’- which users did you mean, exactly? (or, of users, user-deployers, and user-consumers)

“Free software… refers to four kinds of freedom, for the users of the software…”
–Free Software Definition, emphasis mine

“closing the [ASP] loophole would infringe on certain peoples rights and he [Moglen] didn’t see any way to preserve everyone’s rights…”
— Eben Moglen, as paraphrased here

[The rest of this post is not based on any conversations with FSF/SFLC folks on this issue, but merely on readings of essays/interviews/etc., and so their position here may represent a bit of a strawman. To the extent that the representation is inaccurate I apologize and will strive to fix it if someone points out the inaccuracies. That said, if it is a strawman, it is a useful strawman which helped me sort out my own thinking on the subject.]

who has the freedoms and the rights?

In one of my GPL posts, I mentioned that I thought that the question of ‘who holds the rights’ is a critical distinction between the ‘free’ and ‘open/pragmatic’ licensing camps. To the free camp, rights are held by users; and to the open/pragmatic camp, rights are held primarily by developers- who then grant most (but not necessarily all) rights to users. I thought I’d dig a bit more into that notion, particularly into the question of what a ‘user’ is in this day and age, because I think it helps explain the current dilemma around free software as deployed over the web.

who ‘users’ used to be

FSF has always insisted that “users” are the locus of all rights. In practice, to FSF, “users” has really meant “the people who install the software”- what I’ll call “user-deployers” or “deployers”, in comparison to “the people who use the software”- what I’ll call “user-consumers” or “consumers.”

In the beginning, this was not problematic- anyone who deployed free software also consumed it, so giving rights to all deployers also gave rights to all consumers.

As free software got more popular, this got a little more complicated- deployers were often systems administrators in an organization (who had full rights to modify the code) and the software was used by consumers in the same organization. These user-consumers were given the binaries but were not given enough permissions to install new versions of the binary, or access to source (though they could presumably obtain them for their personal, non-work PCs if they were skilled enough.) And so there was a gap between the rights of deployers (who could modify) and consumers (who could not)- a small gap, but a gap nonetheless.

In practice, this worked OK. The interests of user-deployers and user-consumers were not perfect aligned, but they were pretty close- deployers mostly wanted consumers to get things done and get out of the way, so they protected consumers to a large extent. In addition, even if they weren’t always exactly aligned, consumers and deployers were clearly both on the same side against the software vendors- both consumers and deployers wanted more freedoms than the vendors would necessarily have chosen to give. Given this combination, for most purposes it is fair to say that in practice user-consumers had the freedoms to use and modify- even if in practice those rights were granted to and proxied through the deployers hired by their organizations.

who ‘users’ are now

That brings us to the present day. With the advent of the LAMP-powered web, user-deployers and user-consumers of free software are often no longer in the same organization- the deployer, who was once the local sysadmin, is now the sysadmin of Google or Yahoo. As a result, the interests of the user-deployer and user-consumer are often poorly aligned or in outright conflict. In addition, the old tension between vendors and user-deployers, which helped protect user-consumers, has to a large extent vanished- since the deployer of the free software (the party that runs the compiled code) is now also the vendor.

In a web world, then, user-deployers have the same rights they’ve always had to use and modify. The FSF apparently believes that should not change. But since the deployers and consumers aren’t part of the same organization anymore, the deployers no longer protect the user-consumers, and so user-consumers end up frequently making use of free software without even the slightest ability to use and modify the software- and often even without the right to use and modify their own data!

This is, I think, part of why Matt Asay wants to call GPL ‘the new BSD‘- like the BSD, the GPL lets software vendors (in the BSD case, Apple; in the GPL case, Google) deliver software to consumers without also delivering the freedoms to use, modify, and redistribute. Some freedom is preserved- the freedom of the deployer to use and customize- but this is not, at least in my mind, the kind of freedom I’m aggressively interested in working towards.

so how to restore freedoms to user-consumers?

This problem isn’t easy to resolve systematically- since they are in conflict, any attempt to guarantee rights to user-consumers would seem to require some compromise of the rights of user-deployers. I admit I myself am a bit stymied on the issue, though I have some ideas.

Prof. Moglen and FSF’s position seems to be that the freedoms of user-deployers will trump those of user-consumers until someone comes up with a principled and rights-centric way to draw the line between the two. Unfortunately, Moglen seems skeptical this line can be drawn- and experience shows that he is usually right.

I remain interested in the problem, though, since in the end I’m much more interested in the freedoms of users than the freedoms of sysadmins. I hope that better understanding that there is more than one type of user takes me one step closer to figuring out where the line can and should be drawn.

39 thoughts on “freedom ‘for users’- which users did you mean, exactly? (or, of users, user-deployers, and user-consumers)”

  1. (the “Free software” worldview does this). But it’s increasingly clear that neither approach is sufficient. As I’ve watched various community engagements by various companies and individuals, and discussed this with various people (most recentlyLuis Villa), it seems to me that there are four different roles. These are: Originators (originating co-developers) – people who co-develop a particular Free software commons using open source licenses and norms;

  2. worldview does this). But it’s increasingly clear that neither approach is sufficient. As I’ve watched various community engagements by various companies and individuals, and discussed this with various people (most recentlyLuis Villa), it seems to me that there are four different roles. These are: Originators (originating co-developers) – people who co-develop a particular Free software commons using open source licenses and norms;

  3. (the “Free software” worldview does this). But it’s increasingly clear that neither approach is sufficient. As I’ve watched various community engagements by various companies and individuals, and discussed this with various people (most recentlyLuis Villa), it seems to me that there are four different roles. These are: Originators (originating co-developers) – people who co-develop a particular Free software commons using open source licenses and norms;

  4. I’m sorry, Crosbie, please come back when your comments make actual claims and arguments in a coherent fashion.

  5. You’re right on. While I have worried more about the data stored on the server, the code is also obviously very important.

    Yesterday, I talked with enki about how parts of the European hacker community — in our not so humble opinion — have missed the web 2.0 phenomenon and what it means for software and user-consumers (btw, not so sure about that term but can’t think of a better, either) rights. One thing that is often done is that server-side apps are vilified and rejected. However, their advantages and appeal are so great that this seems to remain a minority view, even amongst hackers.

    So, how could we address these issues? One approach that interests me is a p2p-based replacement for server-apps but that is obviously very far away (things like the allpeers firefox plugin are interesting developments in that direction, though). A different approach would be to focus on user data first, as that seems to be the most urgent concern. In my opinion, making data available goes a long way towards liberating users from a particular platform.

  6. Ingo: I plan to address (probably tomorrow night, but maybe tonight) why I think real p2p apps are a long ways off (though I agree that they would be an elegant solution to the problem), and why server-side apps are something free software must deal with. Hopefully that will help convince remaining folks (though I’m sure nothing in the essay will be exactly new- hopefully old things well organized, though.)

    Data is obviously the biggest issue to get right, but I do think source access and identity also play a role. We’ll see, of course :)

  7. There is only a dilemma because this conversation is being had about freedom in some weird abstract sense that are not grounded in a set of real examples we want to protect.

    Freedom means something very concrete to me and exists to ward off an explicit set of threats. I believe that technology, and communications technologies in particular, play an important mediating role. Quite simply, it determines — “codes” if you will — what we can say, who we can say it to, and how we can say it.

    For me, software freedom is part of a position that the *ability* to control this communication environment is an essential freedom. Of course, the position neither starts nor stops with free software and has implications for computer education, software licensing, communication systems design, spectrum licensing, etc. But it also makes this debate about who users are seem a little like a set of philosophical games to me.

    I also think Moglen overstated his position on this issue — and probably a few others.

  8. Luis, I completely agree that “real p2p” (as in, could replace server-side apps) is a very hard problem and would further say that the burden of proof that it can be done at all is on the p2p guys ;-) We have to deal with server-side apps just because they exist at all.

    The thing is, the whole problem is so thorny and hard that partial solutions (such as data access) might give us some insight into what could be done short-term and the “real p2p” solution might give some insight into desirable properties of a solution.

  9. Alan: I think I’d argue (and I’m not entirely certain yet) that the Affero protects the complete rights of developers, but only some rights of user-consumers, since it deals only with software and not with data and identity, both of which are critical.

    Mako: I’m digesting all that :)

  10. Luis, interesting article. I have thought about it too. Until now I haven’t found a final answer. For me software freedom is something practical. Free Software on my computer allows me to control my computing and my data and allows everyone to participate equally in the digital society.

    If decide to use a web service I give up this control whether I can download the source code or not. As long as I use the web service I depend on the service provider. Maybe I could set up my own service if I could get the source. But is this really feasible? Maybe in some cases but in most cases probably I will not have the hardware (servers) and/or the date (e.g. search index from a search engine) to set up my own service.

    So I come to the temporary conclusion that being able to get the source code from google, yahoo & Co. may be nice for a hacker to learn from it but will probably not extend my freedom that much in a practical sense.

  11. Bjoern: I think that the practical impact varies widely from service to service. Obviously I will never be able to set up google search meaningfully on my own hardware (though see e.g. Atlas) but I could meaningfully set up google mail. It may be that we will see freedom become important for some classes of web service, but not for others.

    [Tangentially, the vast majority of free software users can’t practically hack their desktop/server free software either- not enough knowledge. Does that invalidate efforts to extend freedom to them, in your mind?]

  12. Luis: I think you’re absolutely right about the limits of what the AGPL accomplishes. That’s part of the reason we don’t promote the license as heavily as the GPL. It’s not because we’re absolutely committed to making sure deployers retain all the right they ever had: if we were, I don’t think we would’ve released the AGPL at all. Rather, it’s because we realize it’s not a perfect solution. Just as control of the code shapes how we interact, so does control of the hardware; it’s hard to be free if you don’t have that in some form or another. The recent developments over printers’ yellow dots is a good illustration of that.

    I don’t want to let the perfect be the enemy of the good, though. I’m personally more optimistic than some of my colleagues about the ability of the AGPL to spread freedom, even if it isn’t capable of guaranteeing it.

    With all that said: while networked software is becoming increasingly important for users, and I think it’s important to have the discussion about what freedom means and freedoms users should have in that context, I have yet to be convinced that it’s going to completely overtake people’s computing experience. Web 2.0 applications have shown the most technical promise in areas where people are primarily dealing with data that can easily live on the web from birth ’til death. For areas where there isn’t really data, or where the data is not native to the web, there hasn’t been as much activity. Web-based IM clients haven’t caught on to nearly the same extent as webmail, for example. And last time I checked, all those Flickr users were still touching up their photos with the Gimp.

    And even if people do think that web-based applications are going to completely replace the desktop, making this discussion about freedom the only one that matters, I have two words for them: embedded devices. “The new BSD?” Them’s fighin’ words around these parts. ;)

    A little perspective in this conversation would be helpful. And I don’t just say that to defend the GPL. We’re having a discussion about the freedoms users should have, right? That suggests to me that we should be cognizant of how web-based applications do and will fit into the larger computing context.

  13. I hate the slippery slope argument, but what if the Affero argument extended to all service providers who happened to use software to provide the service? What obligations does a VoIP provider have to its customers, if it happens to use copylefted software in providing that service? What obligations does a POTS provider have to its customers, if it happens to use copylefted software to provide that service?

    From the other direction, what legal principles allow the licensor to govern the use of the software if there is no distribution? Would such a license meet the OSD?

  14. Luis, you’ve taking my post slightly out of context, but that’s neither here nor there….

    w.r.t. software freedoms, I don’t think you can discuss users, freedoms, etc. in isolation from the economic dimension to this
    issue. The cry for closing the ASP loophole is overwhelmingly driven by the free rider problem, and not the desire to be more ‘free’ (as in freedom). When the objective to maximize economic utility, there is never any hesitation to favor some rights
    over another. So why not here?? When I asked Eben about this he specifically indicated that FSF felt that economic utility was maximized (my words, not his) by not favoring anyone’s freedoms.

    Which is where we disagree.

    As far as the AGPL goes, that’s a tepid solution and one that I personally think is awful.

    Let’s not forget that these are licenses, not policy statements. Perhaps that’s where the crux of the divergence lies. The minute you introduce vague, poorly defined, overloaded terms like ‘freedom’ and ‘users’ into a license you’re asking for trouble.

    Terms like ‘convey’ and ‘distribute’ have been circumscribed to avoid the inevitable rights conflicts between user-developers and user-consumer.

  15. Chris: agreed that ‘users’ and such are pretty terrible terms for a license; I’m seeking here to understand the problem (and FSF/OSI/etc.’s tepid reaction to it) more than I am to actually define solutions at this point.

  16. […] freedom ‘for users’- which users did you mean, exactly? Luis Vila latches on to the same issue with defining “software freedom” that I tried to get at when I differentiated between “co-developers” and “deployer-developers” in the context of open source. […]

Comments are closed.