1. Introduction

1.1 Free or Open?

Open source fundamentals can be found back in the 60s where academics had shown their opposition to the restrictive nature of exclusive rights under intellectual property laws, as a result of the prevalent counter cultural attitude of that decade. Basically academics where opposite to the commercial exploitation of the UNIX, operating system, which was implemented by AT&T at Bell Laboratories [1]. The term open source was first defined at a session on February 3 rd, 1998, where Todd Anderson, Chris Peterson, John Hall, Larry Augustin, Sam Ockman. Michael Tiemann and Eric Raymond were present, as stated in [2]. This definition was derived from the Debian Free Software Guidelines. Richard Stallman, who is the founder of Free Software Foundation (FSF), which supports free software ideals among others[3], flirted with adopting the term, but then changed his mind. As a result two different definitions exist, open source software and free software, which are supported by
the Open Source Initiative and FSF respectively.

Open source Definition as given by the open Source Initiative is the following: “Open source doesn’t just mean access to the source code. The distribution terms of open-source software must comply with the following criteria:

1. Free Redistribution
2. Source Code
3. Derived Works
4. Integrity of The Author’s Source Code
5. No Discrimination Against Persons or Groups
6. No Discrimination Against Fields of Endeavor
7. Distribution of License
8. License Must Not Be Specific to a Product
9. License Must Not Restrict Other Software
10. License Must Be Technology-Neutral” [4].

Free software definition as given by the FSF is: “Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software. More precisely, it means that the program’s users have the four essential freedoms:

• The freedom to run the program, for any purpose (freedom 0).
• The freedom to study how the program works, and change it to make it do what you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

A program is free software if users have all of these freedoms.”. Moreover, FSF states that
“Free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.””. [5]
The majority of open source software is free software and vice versa. As FSF supports, the two definitions can be seen as identical but are based on different values. In addition, it identifies open source as a development methodology and free software as a social movement [6].

The acronym FLOSS, for free/libre/open source software, was invented by Rishab Aiyer Ghosh [7] and later that year European Union funded a project using this acronym [8]. Since then, the acronym FLOSS is widely used, due to the fact that it does not support neither the term free software or open source software. Hence, in this assignment I am going to use the acronym FLOSS in order to describe free and open source software.

1.2 License models

When Richard Stallman started the GNU Project he was working on Emacs text editor, which he written in 1970s. James Goslig had written a UNIX version of Emacs in 1982, he distributed the source code and also sold his Emacs version to a company. Stallman then modified Gosligs’ source code and created GNU Emacs, but was not allowed to distribute it because he had no authorization from the new copyright owner. So Stallman had to rewrite the entire Emacs to work on UNIX. In order to prevent this happening again Richard Stallman wrote the Emacs General Public License in 1988. In 1989 this License was rewritten and renamed as GNU General Public License and became default for all GNU Programs. The second version of GPL was released in 1991 and the third in 2007 [9]. Since then a lot of Licenses have been released not only by FSF and Stallman but from other companies as well. Here [10] you can find a list of FLOSS licenses from all companies. GNU GPL, GNU LGPL, GNU AGPL, FreeBSD license, Apache license, License of WebM – which is in the news lately – are some of the most widely known licenses.

Moreover, the FSF determined the term “Copyleft” which says that anyone who redistributes the software, with changes or not, must pass along with it the freedom to further copy and change it. With this FSF wants to guarantee that every user has freedom [11]. Three of the most known FLOSS licenses are GNU GPL which guarantees the developer that his program will remain FLOSS no matter who modifies it or distribute it. GNU LGPL which permits the software to be linked with other non-free modules and finally GNU AGPL which is similar to GNU GPL but with an extra paragraph in section 13 which allow users which are working over a network to receive the source for that program [10].

1.3 Cloud Computing and Software as a Service

Cloud Computing gives the opportunity to users and developers to use services without knowing, expertise with, nor control over the technology infrastructure that is underneath them. It is literally, operating the service in a cloud [12]. To be more precise, in cloud computing, shared servers

provide resources, software and data to users and other devices on demand.

Software as a Service (SaaS) is just a software enabled service that is offered on the web, on a month to month subscription or on a pay per use basis, rather than having to purchase or license the software [12].

2. How cloud computing and software as a service are affecting licenses like GPL

2.1 Cloud Computing

Cloud computing is the technology that everyone is talking about in the last years, but it is a fact that cloud computing is not a new implementation of technology. This does not mean that cloud computing is well understood by the designers, but there is a lot more about it than just hardware issues, data links and coding. In the area of cloud computing, location and ownership matters, so as a result lawyers need to participate and try to answer some of the questions that arise [13]. Who is the owner of the cloud you are going to use? If a local law enforcement show up with a writ demanding to see the data on the cloud, then who is responsible for turning over the data? Under the law of what country? Who owns the data? How this would affect the nodes of the cloud? If someone works for an International company, is response in China for example, going to be the same as the response in the United States of America? Is it supposed to be the same? Who must ensure that it is the same? Can data be uploaded and downloaded in the same manner in different countries? Is the disk you save your data only yours or do you share it with someone else? Can anyone else by any chance see my data with my knowledge or not? If yes at what level can he see my data? There are a lot more questions regarding service level agreement, access, up-time, back-up, recovery, password recovery etc that you need in order to keep the system running [13].

The cloud is not a black box, it is just computers, but we have to consider a lot more things before we connect to it. Richard Stallman states that there is a risk of losing your legal right to data stored on a company’s machine instead of yours. In the United States of America, if someone stores his data on a company’s machine then he looses his legal rights. So in the case where the police wants to have access on his files they do not have to show him a police warrant if his data is stored in the company’s machines. They can get it without showing to him anything, they may not even show a search warrant to the company [14].

In addition Richard Stallman tries to demystify the term cloud computing and believes that the term careless computing would suit it better. This is an example he uses to demonstrate this: “Let any Tom, Dick and Harry hold your data, let any Tom, Dick and Harry do your computing for you (and control it)”. He also advises and encourage people to try and keep the control of their data, or we might lose this option in the following years [14].

2.2 Software as a Service

Software as a Service means that someone – for example a company – manages to setup a network server which is able to do an amount of computing tasks, such as running spreadsheets, word processing etc. This company then accepts users to perform their computing on this server by sending their data to the server, which is responsible for the computing, and then sends the results back or acts on them directly. Have in mind proprietary software where, the user most of the times gets an executable file but not the source code of its file. In SaaS, users do not have the source code or the executable file they are running. This leads to some harmful consequences such as: without any single line of code the server administrator can obtain the user’s data without being accused of doing so. This is the nature of SaaS, the server administrator has the ability to change the software in use or the user’s data being operated [15].

2.3 What about FLOSS licenses? “GPL is the new BSD license?”

Bradley Kuhn, the former executive director of the Free Software Foundation, stated that GPL is becoming the new BSD [16]. What was he trying to say? GNU General Public License is the most known FLOSS, copyleft license. When a developer uses GPL for his software, if a distributor wants to redistribute his modification of the software, he must agree that the source code will be available to the recipients under exactly the same terms. This aims to keep software away from copyright. The Berkeley Software Distribution (BSD) license, is a much simpler document which allows anyone to use the source code without any restriction, as long as the copyright notice and disclaimer are preserved [17]. It is easy for someone to understand that the main difference between the two licenses is the fact that source code which is under the BSD license can be used in proprietary software, in contrast with the GNU GPL license which is designed in such way so that all derivative works remain FLOSS.

The main “disadvantage” of the GNU’s GPL license is that the reciprocal clause is only triggered when someone is redistributing the source code. This parameter is not important when someone wants to run a program directly but it is important in the upcoming cloud computing and software as a service where, he does not run the program directly but remotely. In cloud computing and SaaS, there is no distribution of the software, hence the reciprocal clause is never triggered. This means that the service providers of SaaS and the administrators of the servers in cloud computing can use GPL licensed code in their proprietary servers with out doing any crime. This does not overlap with the fundamentals of FLOSS and the idea behind the GNU GPL license and there is nothing to be done due to the fact that it strictly complies with the license. So as Bradley Kuhn said, source code which is licensed under the GNU GPL can be used in cloud computing and SaaS like BSD licensed code can be
used in proprietary code [16].

Fabrizio Capobianco, CEO of Funambol (a company that provides mobile services), states that “The future of software is in cloud computing and if FLOSS is going to survive in that emerging market, then the community needs to adjust” [18]. He continues by saying “If we want open source to thrive in the future, we need to make sure it applies in software as a service. You need a license that preserves copyleft in the cloud world” [18].

Is there an answer to this problem? How can the community of FLOSS adjust to this emerging technologies? FSF with the cooperation with of Affero have created the Affero GPL license (AGPL), which as mentioned above is similar to GPL but with an extra paragraph in section 13 which allows users who interact with software as a service in the cloud, to get the source code as they would when the software was under a GPL licensed program. Fabrizio Capobianco also believes that there are companies that are exploiting the loophole of the GPL and continues by stating that the loophole existed because no one was thinking of running a software over a server and how it would affect copyright [18]. If people continue to use the loophole of the GPL license we are killing the idea of copyleft. Fabrizio believes this is a cancer to FLOSS which is waiting to attack and we better look at it. The solution to this is the use of GNU’s AGPL license to software that may be packaged as a service in the future. Moreover, until now about 181 companies are using the AGPL license which is a small number compared to 3 300 companies which are using the GPL license, but as Fabrizio says, it is going to take a few years for companies to adopt GNU’s AGPL [18]. To sum up the adoption of GNU’s AGPL is essential because computing moves towards mobile, but with mobile comes the cloud. This is the future of computing: a lot of devices such as laptops, mobile phones, tablets etc plus software as a service.

3. Conclusion – Is AGPL the solution?

It is supported by many people that the AGPL license for network services which run in a cloud, brings back the fairness provision that the original GPL intended and returns the freedom that FLOSS promises to all users and developers [18]. But does the APGL license really provides all that?

The AGPL license tries to bring software that works as a service closer to the PC based model for FLOSS licensing by linking the source provision requirement to the modification of the underlying code and its user interaction over a network [19]. Copyright remains in derivative works and provides the potential users with the right to have access to source code. Moreover, with the use of AGPL the vendor is being “watched” somehow so he can not start behaving badly. But there is something that is concerning in all these. Data is the primary challenge of FLOSS in cloud computing so it is easily understood that access on the source code does not help if the data from a service in the cloud are still inaccessible. Three are the main challenges of cloud computing and these are:

1. Data portability
2. Privacy
3. Compatibility

Before the appearance of network applications, access to the source code was the solution for the above challenges. Someone could easily check the data formats and the processing of the data by just looking at the source code. But as the FSF admits [20]:

“If some program on this server is released under the GNU Affero GPL, it requires that the users have  way to download the corresponding source of that program. That is good, but having this source code does not give them control over the computing the server does for them. It also does not tell them what other software may be running on that server, examining or changing their data in other ways.”

Hence, “Terms of service” is an essential part when someone wants to address these challenges for cloud computing. In order to migrate the GPL model to cloud computing, copyright and licenses are not good enough, thus technological characteristics are necessary to provide the user his freedoms. To give the user autonomy, we must guarantee that his data is portable, which means that cloud computing servers must provide API’s (Application Programming Interface) to communicate with other services [19].

In order to apply the GPL model for web applications we will need 3 basic features:

1. Access to source
2. Carefully designed terms of services
3. Technological features (APIs)

An example of this kind of application is Identi.ca, a micro-blogging service which is a FLOSS replica of Twitter. Its licensed under GNU’s AGPL, so a user can have access to the source code. What’s more, the identi.ca’s terms of services clearly determine which data is kept private and which is not, and guarantees that private data is not shared but only used to provide services to the users. Identi.ca will only turn data over to the government with a court order [21]. Finally, with the use of Identi.ca’s API, users can get their data out of the service, which provides us with the third feature. Identi.ca also addresses the vendor lock-in concern by allowing various instances of the service to communicate with each other, thus enabling interoperability without exposing private data.

Someone can easily understand that the AGPL is not by itself enough to provide all the freedoms a user must have in cloud computing or SaaS. A combination of the above 3 features is much more effective and can guarantee the user with his freedoms. GPL license models are being threatened by the spread of cloud computing and software as a service. Technology moves forward. FLOSS license models need to evolve with it.

References

[1] CKemp, R. (2009) Current developments in Open Source Software. Computer Law & Security Review 25(6): 569

[2] History of the Open Source Initiative [Online] Available: http://www.opensource.org/history, Accessed: 21st of January 2011
[3] Peter Brown, “Free software is a matter of liberty, not price”, [Online] Available: http://www.fsf.org/about/, Accessed: 21st of January 2011
[4] The Open Source Definition, [Online] Available: http://www.opensource.org/docs/osd, Accessed: 21st of January 2011
[5] The Free Software Definition, [Online] Available: http://www.gnu.org/philosophy/free-sw.html, Accessed: 21st of January 2011
[6] Richard Stallman, “Why Open Source misses the point of Free Software”, [Online] Available: http://www.gnu.org/philosophy/open-source-misses-the-point.html,Accessed: 21st of January 2011
[7] Rishab Aiyer Ghosh [Online] Available:http://www.merit.unu.edu/about/profile.php?id=24&stage_p=2, Accessed: 21st of January 2011
[8] Free/Libre and Open Source Software: Survey and Study [Online] Available: http://www.flossproject.org/, Accessed: 21st of January 2011
[9] Välimäki, M. (2005) “The Rise of Open Source Licensing: A Challenge to the Use of Intellectual Property in the Software Industry”, Turre Publishing.
[10] Various Licenses and Comments about Them [Online] Available:  http://www.gnu.org/licenses/license-list.html, Accessed: 21 of January 2011
[11] What is Copyleft? [Online] Available: http://www.gnu.org/copyleft/copyleft.html, Accessed: 21st of January 2011
[12]Krissi Danielson, “Distinguishing Cloud Computing from Utility Computing”, [Online] Available: http://www.ebizq.net/blogs/saasweek/2008/03/distinguishing_cloud_computing/, Accessed: 21st of January 2011
[13] David Lane (4th of January 2011), “Behind the Cloud Redux”, [Online] Available: http://www.linuxjournal.com/content/behind-cloud-redux, Accessed: 22nd of January 2011
[14] Charles Arthur, “Google’s ChromeOS means losing control of data, warns GNU founder Richard Stallman”, [Online] Available: http://www.guardian.co.uk/technology/blog/2010/dec/14/chrome-os-richard-stallman-warning, Accessed: 22nd of January 2011
[15] Richard Stallman, “Who does that server really serve?”, [Online] Available: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html, Accessed: 22nd of January 2011
[16]  Jeremy Allison (2009), “GPL’s cloudy future”, [Online] Available: http://www.zdnet.com/blog/btl/gpls-cloudy-future/15855, Accessed: 22 of January 2011
[17] Open Source Initiative OSI – The BSD License:Licensing, [Online] Available: http://www.opensource.org/licenses/bsd-license.php, Accessed: 22nd of January 2011
[18] Bruce Byfield (2008), “Funambol’s CEO sees AGPL as essential for FOSS in cloud computing’s future”, [Online] Available: http://www.linux.com/archive/feature/154696, Accessed: 22nd of January 2011
[19] Derek Bambauer (2009), “Open Source and Cloud Computing”, [Online] Available: http://blogs.law.harvard.edu/infolaw/2009/05/24/open-source-and-cloud-computing/, Accessed: 22nd of January 2011
[20] Why the Affero GPL?, [Online] Available: http://www.gnu.org/licenses/why-affero-gpl.html, Accessed: 22nd of January 2011
[21] Identi.ca ‘s Privacy, [Online] Available: http://www.identi.ca/doc/privacy, Accessed: 22nd of January 2011