 Here we go, Thorsten Schröder, THS. Hello, you're very brave to still sit here in this weather. My name is Thorsten Schröder. I am a, I started a while ago to think about open source licensing, free software licensing. And I asked myself how contemporary the currently in use open source licenses are with regards to our open source code being used by the military or by intelligence services or by large corporations who are abusing the code for their own nefarious purposes. So how can we prevent misuse or abuse of a code? And that's all I want to start a new discussion about that has existed in the last 10 years. So what drives a developer to publish his code, sorry to publish her code as open source, free software so other people can do something with that? So maybe the developer participated in open source projects in her youth, maybe have developed something and now wants to give back to the community. So usually developers are driven by something good. So usually developers want to make sure that the code is not used for nefarious purposes, like military uses, intelligence services, basically anywhere that puts people at harm's way. So the first discussion, first part of this discussion is the events we had this year where we can think about hacking team transparency report in July, where hacking team, the Italian company that sold surveillance software to repressive regimes and governments to infiltrate their computers and exfiltrate data and audio recordings where people are then being abducted or just disappear. So definitely people coming to harm. And not all of that is released by them. So this example, for example, hacking team used code from Colin Maliner, who built a tool to debug Android systems on the ARM platform. So he built a platform and this framework is being used here. So after all the source code of hacking team landed up on GitHub after they were hacked, people started looking through the data, through the source code and see if their own names appeared in some form of ego googling. And that's how they realized it. For example, Colin Maliner's code and also code from FIFA and the ad guys, people from CCC, from DietLiveC specifically, has been used by a hacking team. And that is the starting point for this debate. At first, I thought to only do a lightning talk, but it's actually more complex because there's plenty of problems that makes it not as easy to simply say, let's extend the GPL with an exclusionary clause. So in the beginning of this year, I started thinking about this problem. And I saw DAPA release a press release about an air support system that they developed in the base of Android where basically the Air Force that uses manned and unmanned vehicles, they can simply get target calls from troops on the ground using an Android tablet. So they can basically touch to kill on the touch screens. And you can even decide which weapon you want to use to kill. So here it should be obvious that Linux kernel code and other open source projects are being actively used to kill people. And that cannot be controlled at the moment. I took this event as an opportunity to write up one clause that I could add to my favorite license. I've done a lot of stuff with the BST license. So I thought let's just try and create a exclusionary clause for BST. It's not as easy. I'm going to go into more detail that later. But that's a discussion we do need to lead again. It's pretty old. It's been discussed more than 10 years ago. In the Free Software magazine, there is an article from 2012 about the same issues. They come to a different conclusion than I do here. But in this article, too, there is a rather long list of open source projects that are explicitly used in the military or made for explicit military use, some of them very generic like GCC, Linux kernel, GNOME, but also open source projects that are expressively created to be used in military situations. Obviously, that's lots of them are software projects that deal with mapping data, with coordinate systems, and so on, simulations, solid modeling. So very specific tools that are used by the military tool for each war. And the conclusion of this article is that we cannot prohibit the military use, and we may not do it either because that's the law. So we're talking about a law. The definition of open source forbids it, and we don't want that to change. So every developer has asked herself how far can we take liability for our own code. Independently of a license, whether it's GPL or anything else, many developers have thought about what happens if my code is being run on medical devices, for example, or in nuclear power plants. And a bug that I created is responsible for the deaths of people or for screen stress turning off in the middle of presentation. So that's not really about a license in the end, but people have been thinking about that. And it's much easier to just distance themselves from military uses, from weapon systems, or from having a code used for repressive tools, or repressive regimes, like in the hacking team case for example. Everyone has thought about that kind of responsibility. And this is about ethics and philosophy apart from licensing. There is one group of developers who have thought about it in 2006. They later called it the pacifist clause. The project was called GPU, the Global Processing Unit, a Nutella client that allows users to share CPU resources with other people. And they extended the GPL with the following. The program and its derivative work will neither be modified nor executed to harm any human being nor through inaction to permit any human being to be harmed. So a reference to Asimov's three laws of robotics. And they tried to ensure that this code that was obviously had its military uses could not be used by the military. And they have no way to actually control that or enforce that. And there's a argument of people opposing these clauses that you can't control them. But such a statement allows us that in case we learn of such a violation of the license, that we can start an open debate. So what reasons do we have against extending licenses? Why don't we have these clauses already? One big reason is Richard M. Stallman, who vehemently argues against these kinds of clauses because he says that that would make the software unfree if we would exclude some part of the state and the military to use the software, parts of the software. So Stallman wants to limit the developer's freedom to limit others' freedom. It's hard to discuss this sensibly with Richard Stallman. He also said he would find it very sad that if his friend who works for the Venezuelan military could not install any more Linux servers. So he says something needs to be free. And that is freedom as in total freedom, where freedom number zero is the freedom to run the program as you wish, however you wish, and for any purpose. So for any purpose that clearly includes killing other humans, surveilling other humans, propagating oppressive regimes. So that's his view on software. And I think in today's time we should definitely think about whether that is still appropriate for this time and age. And we are having some technical difficulties here. Please stand by. In addition to these principles of Richard Stallman, there's also the so-called open source definition and open source.org. HNA paragraph six says that we may not exclude certain groups of users. Paragraph six says no discrimination against fields of endeavor. So we may not limit our users. That's the open source definition says. But possibly we should change that. So as opposed to these exclusionary clauses, I already made that point. They just say the software has to be free. But I think by now we're at a point where we can rethink that issue. And I think if states can change the regulations, I mean, we should be just as enabled to change our software regulations. This is a way of ensuring or at least trying to make sure to make it, well, not as easy for the people who rely on our code to make the risk higher, to make punishment or legal enforcement possibilities simpler. But in any case, we should be enabled to exclude certain forms of usage with our products itself as soon as we deploy them. And this is the idea of a non-military usage form. So when I read this DARPA news item beginning of last year, the idea that I had at that time, I thought this might be for BSD, an exclusionary clause. Well, maybe I was a bit naive. And I wasn't really aware that there was even so much opposition from within the open source community. So this is the text I wrote. With that, I only want to exclude that one certain developer is less important to make this not always a matter of national security concerns. So it can be on several levels. It doesn't have to be that severe. But I do like the visual effects here on the screen. But there are many limitations for this. The GPL, for instance, does exclude that you actually can exclude anything. And this draft that I had, the first draft, this is still on a quite easy level from terminology. But there are boundaries. There are some people who say, well, I don't want my code to be used from the police or from the government either. And well, I'd say, well, that's something everyone should be able to decide for themselves. But the problem is, where is the exclusion mechanism? So you have to have a clause that can be more or less concise, that has, well, is legible and just something which is apparent. And if we don't note this or formalize this in a very concise form, well, no one will really take note. And so I think it's quite simple to, well, find boundaries towards the military. Where does that start? That's quite straightforward or obvious. But maybe some developers won't have less problems, maybe with the intelligence companies. Well, but that remains to be seen. And how can we now actually put that into action? Well, will Richard Storm and Preventus from actually modifying the license? But we could have maybe another approach. There's something like creative commons, which I tentatively called coding commons. So just in the terms of the code we use so far, be it GPL or whatever. Well, more characteristics attached to a project that can be like modularly mounted together from different, well, this is an amendment and not a modification really of the GPL, but the kind of idea that you can add on in modular form. Well, this would be a kind of code commons module, which you could just write down and attach this to your, well, the main attributes say it's non-military, non-intelligence or consents required. So if I write the code, the hardware that it's going to be used on then finally is the user of the hardware actually aware and willing to have this code executed on the machine in question. But this can be in the matter in embedded devices, but similarly, the users have lost control about what's phoning home and have less possibilities to configure and modify themselves. And so that's something which isn't really desirable from the user side. And so that's what the consensus idea is for. And for everything else, I put the X for instance. So whatever that may be, you can specify, be it healthcare or I don't want it to be is for automotive. But here again, we have the problem that it's quite challenging to find short and concise definitions. So maybe I made an audio codec, which is used in a vehicle at some point later. And well, in that manner, I could be compromising the vehicle security with the delay. And so this is why it's important to rely on these user agreements. And so the enforcement, although the consequences have to be, well, obviously you have to find out that someone is without the regulation, but so the enforcement or the punitive means aren't quite that clear. But you can, of course, take this to court and sue and maybe enforce, well, publication of code or just make the punishment part of the contract itself, which would be a kind of fine payment in the end. But this could be a well in the area of about a million to make it interesting and to make people more compliant in these terms. So I think it's not worthless to actually try and define these quite concretely, but at least I do hope that we have a more public debate about these issues. So even if maybe there was a court case and a judge saying, well, we still want to make Bill send our rockets around with your code. Well, then at least we have the situation that there are being rights and negotiations made. And I think that's the overall target. So I think we should think about the possibilities that we have to realize or to at least outline something like this coding commons idea. And that's something that a lot of coders which should sit down to around a table or a mailing list, whatever, and maybe to find a way to talk about this, maybe even to present something for Congress at the end of the year. So just to outline what makes sense, what is possible and what is legal from various perspectives. And I'd just like to encourage you to think about this, about the possibility of these exclusion clauses, especially in security area, exploit and bug bounties or tracking due diligence. There are possibilities to prevent a certain companies from using this and can ensure that this is just transferred on a more immediate basis. And so if you want to take part in this discussion, do please write to me an email. You can see my contacts here and there is no finished concept but I just wanted to put it out as an idea and I'd like to really like to discuss it with you further.