Session
Schedule FOSDEM 2022
Legal and Policy Issues

A globally unified governance framework for Open Source

International arbitration to harmonize the security provisions of sovereign states and Open Source? Learning from the Java Virtual Machine, Ceph and abstraction layers
D.legal
Christopher Klooz
<p>Differentiating between architectural flaws and bugs in socio-technical systems: Open Source is no legal term or a political institution in dominant sovereign state systems, making it vague and interpretable in different contexts. However, it is a fundamental institution in security provisions in today's socio-technical societies. But it remains impossible to harmonize the transnational Open Source system with sovereign systems: both cannot be clearly mapped to each other. Yet, international arbitration provides a type of remedy that already exists in software development, illustrating how a shift from just fighting bugs to mitigating architectural flaws can look like.</p>
Initially, the Internet imitated the institutions of the social world despite their limited eligibility (such as "emails" with their complex and vulnerable architecture). Today, societies are socio-technical without delimitable transitions between technology/Internet and society. Societies have started to adapt to and integrate the possibilities the code provides, no longer vice versa. Sovereign state systems early found their limitations in tackling the resulting challenges. However, software development had already to manage comparable issues. The Java Virtual Machine and Ceph are two of many examples: another abstraction layer can create flexibility, simplification and unification on top of different systems. International arbitration could offer Open Source a transnational and globally-unified framework, enshrined in an arbitration agreement: embedded in a dedicated organization in an eligible legal system to facilitate the conduct of organizations and communities on which code and the Internet depend. Open source and its related institutions are already the core element of a transnational separation of powers, which is based upon competition: public processes &amp; public code in conjunction with distribution (of development, code, review &amp; testing) enable forking (to avoid monopolies and irrevocable consolidation of powers at one place). Reflecting the software engineering concept "secure by design", Open Source has created a "socio-technical system secure by design" because it avoids single points of failure both in social and technical realms: it does not relate governance to centralization but to distribution. Indeed, if issues like the 2020 Solarwinds Hack would spread in deployed Linux kernels, this could have unprecedented consequences far beyond the technical realms. However, Open Source and its institutions remain capable of providing sufficient security and deterrence. There is much more behind Open Source than just open/public code. The increasing use and consolidation of IT in governments may break the traditional separations of powers and does not provide the "security by design" of Open Source institutions if applied to socio-technical systems. Indeed, if one administrator and his password in one consolidated IT department can manipulate the databases used in executive, legislative and judiciary operations, new risks can arise. The system around Open Source already contributes to the security provision of and on the Internet and thus, indirectly to the overall security provision of people and entities that depend on the Internet: it facilitates security in socio-technical societies. If it proves eligible, enshrining the relevant (and legally implementable) Open Source institutions in an arbitration agreement may result in an compatible abstraction layer on top of the traditional state systems. Complementary, this abstraction layer may facilitate to release traditional systems from tackling issues they simply cannot tackle without softening and blurring their own institutional architecture. It may turn antagonism into symbiosis. However, Facebook's Libra indicates the complexity (but also the possibility) of creating such "implicit legal" ventures (in Switzerland). It also indicates that Switzerland could possibly enable the fusion of an international arbitration body (through its "international private law") with an open/public/distributed but regulable cryptocurrency to facilitate not just the (Open) Source but also (open) exchange within one globally unified system. Although they will be critical and challenging for any international arbitration approach, legal patent- and license-related questions are not considered in this lecture. This lecture is derived from the perspective of the field of international relations. It illustrates the role of Open Source in contemporary security provisions (next to and in interaction with sovereign states' security provisions for citizens) and it aims to put alternative (types of) approaches with and around Open Source into discussion.

Additional information

Type devroom

More sessions

2/5/22
Legal and Policy Issues
Masafumi Ohta
D.legal
<p>I have started to teach OSS licences and compliances at a Japanese university since last year. it was difficult to teach OSS licences and compliances because I should have shown many of use cases so that the students could learn what the licences and compliance are and more, they even didn't know how to deal with ordinal software licenses. So, I had to talk many of the background knowledges to the students as an 'introduction' so that students could understand the OSS licences with ...
2/5/22
Legal and Policy Issues
Vittorio Bertola
D.legal
<p>Last year we introduced the reasons and the plans for the new Digital Markets Act of the European Union, regulating online markets to further more competition with the dominant gatekeepers. In 2021, the act was discussed and finally voted by the European Parliament, which expanded many of its provisions and strengthened the new rules. In 2022, the act will be negotiated again with member States and then, possibly, finally approved by the Parliament. In this update we will explain in details ...
2/5/22
Legal and Policy Issues
Italo Vignoli
D.legal
<p>During the pandemic we have experienced a sudden growth of remote activities, with people working and studying from home. Most proprietary solutions were not suited for the task, as they were not compliant with GDPR, as they were profiling users beyond the provided service, and in many cases could not guarantee that end user data were maintained within Europe acconrding to EU legislations. Unfortunately, EU governments ignored the situation and signed contracts with big techs for remote work ...
2/5/22
Legal and Policy Issues
Lucas Lasota
D.legal
<p>The number of devices on which users cannot run Free Software is exponentially increasing. The consequence is an increased loss of control over users’ technology. In order to remediate this situation, the FSFE has been working with the concept of Device Neutrality, understood as a policy principle that ensures users equal access and non-discriminatory use of their devices. The FSFE has advocated for four main principles: stricter consent rules for pre-installed apps, no vendor lock-in, full ...
2/5/22
Legal and Policy Issues
D.legal
<p>The organizers of the Legal and Policy DevRoom for FOSDEM 2022 discuss together the issues they've seen over the last year in FOSS, and consider what we can learn from the presentations on the track this year, and look forward together about the future of FOSS policy.</p>