Bruce,
You did not really answer the first question: "How does AMSAT benefit by pursuing an open source policy?" The question is really unrelated to EAR/ITAR. What i'm wondering is, if AMSAT published all of its hardware and software designs for everything, how does this benefit AMSAT? This is probably the most important question from an organizational standpoint.
I had been through a similar discussion with a private company that I worked for about a 3D visualization / Earth rendering product that was developed by the company. It was a product that was similar to Google Earth and could easily compete with it from a rendering / efficiency / user experience standpoint. The question was: Do we open source the software and give it out to the world to attract more people to the product / generate a new ecosystem for publicity, or do we keep it closed and generate revenue off custom software services. The company chose option 2. The bottom line was, if we put all the source out in the open, most engineering types would not pay us anything, even if we did an open/commercial licensing scheme. Because, let's be honest, generally speaking, no-one wants to pay for anything, and that is especially true in the OSS world. And even when you ask people to pay for something, they find clever ways to work around licensing and rip you off. I think consulting services become more practical, when the technology that is being utilized is more technically challenging and there are deadlines involved. That's why certain OSS products can use that model (of course, there are not many consulting opportunities for libtiff know-how :-).
One comment on what you said about GPL "you use the GPL where you want companies to participate more, rather than just take your stuff and modify it in private, never returning anything." This is a common misunderstanding / mis-representation of what the GPL does. Companies are not required to 'return anything'. It only protects the rights of down-stream recipients, not up-stream. Examples in case others reading are not aware of this:
- If an organization downloads, compiles and integrates a GPL libWhatever onto a chip in a satellite and the satellite is launched into space, there is no downstream recipient of the binaries. The changes can remain within the private organization ad-infinitum. The hardware floats around in a vaccum, maybe burns up in the atmosphere and we end up breathing it, outside of that, nothing needs to be given back to the community.
- If I download, compile and integrate a GPL libWhatever onto a chip and then deliver the binary to say a University team for integration or to a customer for use. Then, the University team or customer has a Right to be able to edit the source, etc... Their rights to edit/modify are protected. But, that still doesn't mean the creator of libWhatever is guaranteed to receive anything back.
AMSAT could establish an open source policy that would only provide licensed code to parties/organizations that agreed to integrate according to their terms and conditions. These terms and conditions could be contingent upon AMSAT being a downstream-recipient of the software/hardware source/designs (work-products, etc...) This would establish a symbiotic relationship between AMSAT and others with mutual benefit. Others wish to utilize AMSATs software/hardware stack, integration know-how, etc... and AMSAT would be guaranteed to be on the receiving end of the changes. AMSAT could also establish something like others have, where they have a licensed version that is not-permitted-to-fly and a "Pay-For" version that allows you to fly it. It's an interesting idea and along the lines of what several other OSS projects do with dual oss, commercial options.
On the whole protesting of ITAR/EAR and Defense Distributed, when you say the Federal Government lost, from a practical standpoint, that's not really true. Legal hardship is real. The end result was a private organization, unnecessarily being jerked around by the fed in a politically-motivated legal attack. And then, being jerked-around again, by several states. That cost them and it is still costing them, time and money. The organization could not function during that period and is now forced to function differently. Rules were re-written by the DOS, there was an ad-hoc "settlement" including an 'exclusive license'. Isn't that awesome that a company is given an 'exclusive license' after being jerked around vs, just being left alone in the first place? Also, Defcad requires you to create a login, submit Personally Identifiiable info (PII) to them (ID, etc...), etc... before you download anything from them. That's, NOT Open. I am not certain what they would do if a non-US Person attempted to sign up. It's antithetical to a true, public open source process really. If anything, this case is a shining example of why an organization Should:
i) be very selective about what is publicized ii) work very cautiously with others in a way that reduces risk
Basically, how AMSAT appears to operate right now. Why? Because if the wrong politically-motivated person in the Department of Whatever (or friend of a girlfriend of a mistress of whomever) gets an itch, they can make your life a living hell. And, while they sit back and collect a paycheck and have their pension well-funded during that time frame... You're left with a ruling in your favor (yaay!) but financially strapped, physically deteriorated due the stress and likely out of business. This doesn't just happen in the ITAR realm either, look at what happened to the buckyballs company that sold the little magnets that you could build little structures out of. They got dragged through the mud for years, for literally selling little round magnets...
Joseph Armbruster KJ4JIO
On Tue, Jul 14, 2020 at 10:20 PM Bruce Perens bruce@perens.com wrote:
Michelle, working for ORI, hired a lawyer to take up the ITAR matter with the Federal Government, so she probably has some interesting information.
I have left your questions in, so that this will make sense to readers.
On Tue, Jul 14, 2020 at 6:08 PM Joseph Armbruster josepharmbruster@gmail.com wrote:
- How does AMSAT benefit by pursuing an open source policy?
Both ITAR and EAR have a carve-out regarding published research. EAR says that things you publish on the Internet are not subject to the EAR. ITAR is a bit more difficult, they want you to publish it in a journal or put it in a library. There are lots of friendly college libraries who will put a blu-ray disk on a shelf for you. And then, you don't have to deal with ITAR regarding any digital data. You still have ITAR problems if you wish to ship a satellite across a national border, so it is best to fabricate it in the nation where it will be launched. And you must never provide defense services, not even to the USA. That means if someone you know is clearly working on a defense project asks a question on your mailing list, you need to explain nicely that they should get that information elsewhere because it would get you in trouble. And then tell the government. I think the last one I dealt with was from a defense company in Pakistan asking about Codec2. The government says thank you for reporting this, it's important, but doesn't tell us any more.
The whole Open Source community operates this way, and has no problem with ITAR. They are much bigger than AMSAT. And they make AI, cryptography, and many other things that are listed on the United States Munitions List.
- What are the disadvantages of AMSAT pursuing an open source policy?
It's really difficult to see any at this late date. Michelle and I have been to NASA meetings where it is really clear that they embrace Open Source internally. So does SpaceX, ULA less but Tory (CEO) is very easy to talk with. ESA is all over Open Source and there is a Librespace guy in European Central Bank who can make introductions for us. Legally, we could even cooperate with nations on the embargoed list, but at that point I would want explicit permission, no need to antagonize the government just because the law allows you to do something.
- Say a new project was about to start, where should all the design
files, source code files, presentations, virtual machines, etc... live?
It's really easy to put everything on Github or Gitlab, in public mode. I wrote a script that mirrors ORI's github repositories to its own server, and we can just burn a disc from that and put it in a library.
- What license would the items be released under (this one will be
interesting to me)?
The important thing is that everyone have the right to read. Then, you satisfy the requirements in the ITAR and EAR carve-outs, if you also publish it on the internet and make it available in a library. Libraries often have web terminals, so I think that Internet is enough, but getting a library to host a disc is easy. So even a Creative Commons license would be adequate, but I suggest BSD if you want it to be available for commercial use without getting modifications returned to the community, or GPL if you would rather have modifications returned to the community. This is a short explanation of Open Source licensing, and I could go into subtleties at length.
I generally prefer that hardware designs be placed in the public domain. Currently hardware is dubiously copyrightable due to 17 USC 102(b) and court cases I could discuss at length too. It is not to our advantage for courts to take our own example of attempting to copyright hardware designs and decide that hardware designs are actually copyrightable.
4.a) Will the license be Free in a FreeRTOS or CGAL sortof way, where it's free for non-commercial use?
You can do that, since it is only necessary that it not be trade secret. But everyone else doing this goes 100% Open Source, and we want to be able to share their work and have them share ours. The fact that AMSAT-EA works with Librespace and AMSAT-NA does not is suboptimal.
- How can satellite security be mitigated if the source is in the
public domain?
You mean command and control? The simplest answer is that you use encryption to command the satellite, and you don't have to publish your cryptographic key. It's data, not the software. However, I have a design for terrestrial cryptographic signature that fits the FCC rules that prohibit cryptography that obscures the message. Digital signature does not obscure the message, it just authenticates it.
AMSAT used to use a secret data word and exclusive-OR to encrypt communications.Very primitive and implemented in discrete logic chips. This is explicitly permitted by FCC for satellites rather than terrestrial ham radio. I would hope that we could do digital signature today.
- Are you satisfied with the way AMSAT development currently takes place or do you feel there is a need to change development practices?
My personal opinion is that a lot of the ITAR mess we are currently in would go away if AMSAT went to a 100% Open Source policy like most of the newer Amateur Space organizations. Unfortunately, we have engaged ITAR attorneys who have only worked with proprietary companies, where trade secret is necessary, and thus ITAR must apply. Open Source is new to them.
One of the most difficult jobs of a manager is managing legal counsel. Most managers don't understand what counsel is saying OR what questions to ask. And I have seen few managers that are equipped to push back or who even understand that pushing back is possible. Sometimes you have to bring your lawyer into new areas they have never explored - although that is less so than 20 years ago when Open Source was new, and they are very likely to give you the determinations that they made for some proprietary corporation which are entirely wrong for your public benefit non-profit.
In my consulting business, which mainly services law firms and their customers, I have met many attorneys who are up to speed on Open Source and intellectual property. There are fewer attorneys who are up to speed on Open Source and ITAR, and I would spend some time with them to discuss the issues.
- Do you think AMSAT would benefit by adopting an open source policy
where all materials are placed in the public domain?
There are two "public domains". There is public domain in the sense of copyright abandonment and patent and copyright expiration, and then ITAR 121 uses the words "public domain" to mean "public knowledge". In general most Open Source communities do not use public domain, because the laws of many nations, including the United States, do not actually define that an affirmative dedication of a work to the public domain has legal meaning. They define public domain only in the sense of copyright and patent expiration. So, we have contrivances like the CC0 license to work around that, which is a public domain declaration if the national law and court likes that, but a liberal license otherwise. But most Open Source teams would choose a very liberal license like the BSD, where the only real requirements are that you preserve attribution (and everyone likes attribution) and the license text. Or, you use the GPL where you want companies to participate more, rather than just take your stuff and modify it in private, never returning anything.
- Can you see any landmines or pitfalls from doing so (technical,
legal, etc...)?
I really put myself out there trying to attract the attention of the Federal Government in protesting ORI's ITAR/EAR policy, and got no interest. This may have been because of the Defense Distributed case, which was about gun plans online, and I don't want to get into a 2nd amendment discussion, but once the Federal Government lost that they didn't have much to go after _us_ about.
The landmine is that if you need lawyers. If you don't do this, you also need lawyers :-)
I wanted to ask about this, since it's mentioned constantly, but OpenSource is a reasonably loose term that means different strokes to different folks.
The Open Source Definition at Opensource.org is the one I wrote.
Thanks Bruce
-- Bruce Perens - CEO at stealth startup. I'll tell you what it is eventually :-)