Michelle, working for ORI, hired a lawyer to take up the ITAR matter with the Federal Government, so she probably has some interesting information.
I have left your questions in, so that this will make sense to readers.
On Tue, Jul 14, 2020 at 6:08 PM Joseph Armbruster <josepharmbruster@gmail.com> wrote:
1) How does AMSAT benefit by pursuing an open source policy?
Both ITAR and EAR have a carve-out regarding published research. EAR says that things you publish on the Internet are not subject to the EAR. ITAR is a bit more difficult, they want you to publish it in a journal or put it in a library. There are lots of friendly college libraries who will put a blu-ray disk on a shelf for you. And then, you don't have to deal with ITAR regarding any digital data. You still have ITAR problems if you wish to ship a satellite across a national border, so it is best to fabricate it in the nation where it will be launched. And you must never provide defense services, not even to the USA. That means if someone you know is clearly working on a defense project asks a question on your mailing list, you need to explain nicely that they should get that information elsewhere because it would get you in trouble. And then tell the government. I think the last one I dealt with was from a defense company in Pakistan asking about Codec2. The government says thank you for reporting this, it's important, but doesn't tell us any more.
The whole Open Source community operates this way, and has no problem with ITAR. They are much bigger than AMSAT. And they make AI, cryptography, and many other things that are listed on the United States Munitions List.
2) What are the disadvantages of AMSAT pursuing an open source policy?
It's really difficult to see any at this late date. Michelle and I have been to NASA meetings where it is really clear that they embrace Open Source internally. So does SpaceX, ULA less but Tory (CEO) is very easy to talk with. ESA is all over Open Source and there is a Librespace guy in European Central Bank who can make introductions for us. Legally, we could even cooperate with nations on the embargoed list, but at that point I would want explicit permission, no need to antagonize the government just because the law allows you to do something.
3) Say a new project was about to start, where should all the design
files, source code files, presentations, virtual machines, etc... live?
It's really easy to put everything on Github or Gitlab, in public mode. I wrote a script that mirrors ORI's github repositories to its own server, and we can just burn a disc from that and put it in a library.
4) What license would the items be released under (this one will be
interesting to me)?
The important thing is that everyone have the right to read. Then, you satisfy the requirements in the ITAR and EAR carve-outs, *if* you also publish it on the internet and make it available in a library. Libraries often have web terminals, so I think that Internet is enough, but getting a library to host a disc is easy. So even a Creative Commons license would be adequate, but I suggest BSD if you want it to be available for commercial use without getting modifications returned to the community, or GPL if you would rather have modifications returned to the community. This is a short explanation of Open Source licensing, and I could go into subtleties at length.
I generally prefer that hardware designs be placed in the public domain. Currently hardware is dubiously copyrightable due to 17 USC 102(b) and court cases I could discuss at length too. It is not to our advantage for courts to take our own example of attempting to copyright hardware designs and decide that hardware designs are actually copyrightable.
4.a) Will the license be Free in a FreeRTOS or CGAL sort of way, where
it's free for non-commercial use?
You can do that, since it is only necessary that it not be trade secret. But everyone else doing this goes 100% Open Source, and we want to be able to share their work and have them share ours. The fact that AMSAT-EA works with Librespace and AMSAT-NA does not is suboptimal.
5) How can satellite security be mitigated if the source is in the
public domain?
You mean command and control? The simplest answer is that you use encryption to command the satellite, and you don't have to publish your cryptographic key. It's data, not the software. However, I have a design for terrestrial cryptographic signature that fits the FCC rules that prohibit cryptography that *obscures the message.* Digital signature does not obscure the message, it just authenticates it.
AMSAT used to use a secret data word and exclusive-OR to encrypt communications. Very primitive and implemented in discrete logic chips. This is explicitly permitted by FCC for satellites rather than terrestrial ham radio. I would hope that we could do digital signature today.
6) Are you satisfied with the way AMSAT development currently takes place
or do you feel there is a need to change development practices?
My personal opinion is that a lot of the ITAR mess we are currently in would go away if AMSAT went to a 100% Open Source policy like most of the newer Amateur Space organizations. Unfortunately, we have engaged ITAR attorneys who have only worked with proprietary companies, where trade secret is necessary, and thus ITAR must apply. Open Source is new to them.
One of the most difficult jobs of a manager is managing legal counsel. Most managers don't understand what counsel is saying OR what questions to ask. And I have seen few managers that are equipped to push back or who even understand that pushing back is possible. Sometimes you have to bring your lawyer into new areas they have never explored - although that is less so than 20 years ago when Open Source was new, and they are very likely to give you the determinations that they made for some proprietary corporation which are entirely wrong for your public benefit non-profit.
In my consulting business, which mainly services law firms and their customers, I have met many attorneys who are up to speed on Open Source and intellectual property. There are fewer attorneys who are up to speed on Open Source and ITAR, and I would spend some time with them to discuss the issues.
7) Do you think AMSAT would benefit by adopting an open source policy
where all materials are placed in the public domain?
There are two "public domains". There is public domain in the sense of copyright abandonment and patent and copyright expiration, and then ITAR 121 uses the words "public domain" to mean "public knowledge". In general most Open Source communities do not use public domain, because the laws of many nations, including the United States, do not actually define that an affirmative dedication of a work to the public domain has legal meaning. They define public domain only in the sense of copyright and patent expiration. So, we have contrivances like the CC0 license to work around that, which is a public domain declaration if the national law and court likes that, but a liberal license otherwise. But most Open Source teams would choose a very liberal license like the BSD, where the only real requirements are that you preserve attribution (and everyone likes attribution) and the license text. Or, you use the GPL where you want companies to participate more, rather than just take your stuff and modify it in private, never returning anything.
8) Can you see any landmines or pitfalls from doing so (technical,
legal, etc...)?
I really put myself out there trying to attract the attention of the Federal Government in protesting ORI's ITAR/EAR policy, and got no interest. This may have been because of the Defense Distributed case, which was about gun plans online, and I don't want to get into a 2nd amendment discussion, but once the Federal Government lost that they didn't have much to go after _us_ about.
The landmine is that you need lawyers. If you don't do this, you also need lawyers :-)
I wanted to ask about this, since it's mentioned constantly, but
OpenSource is a reasonably loose term that means different strokes to different folks.
The Open Source Definition at Opensource.org is the one I wrote.
Thanks
Bruce
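
Added example, not part of the original message and not the author's or AMSAT's design: a sketch of the point made in the answer to question 5, that command authentication can live entirely in a secret key while the code and the message stay public and readable. It uses HMAC-SHA256 (a shared-key MAC from the Python standard library) as a stand-in for the public-key digital signature the message mentions; the frame layout, the replay counter and the command strings are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def sign_command(key: bytes, counter: int, command: bytes) -> bytes:
    """Frame = 8-byte big-endian counter | cleartext command | 32-byte tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag


class CommandReceiver:
    """Spacecraft side: accept a frame only if the tag verifies and the counter advances."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a counter and a tag
        header, command, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # altered frame, or sender does not hold the key
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._last_counter:
            return None  # replay of a previously recorded frame
        self._last_counter = counter
        return command


def demo():
    key = bytes(range(32))  # constructed sample key; a real key is random and never published
    rx = CommandReceiver(key)
    frame = sign_command(key, 1, b"TX_POWER LOW")  # hypothetical command
    readable = b"TX_POWER LOW" in frame  # message is authenticated, not obscured
    first = rx.accept(frame)
    replayed = rx.accept(frame)
    good = sign_command(key, 2, b"TX_POWER LOW")
    altered = rx.accept(good[:8] + b"TX_POWER MAX" + good[-TAG_LEN:])
    return readable, first, replayed, altered
```

With a shared-key MAC the receiver holds the same secret as the ground station; a public-key signature would let the verification key be published as well.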