Comment by EMIRELADERO
2 months ago
Am I the only one slightly perplexed/worried by the point-blank source code exemption?
It's easy to imagine a scenario where the city decides to develop a specific software in-house and hide the "biases" in the source code, or any other thing one might not find desirable.
Hell, they don't even need to make everything from scratch! Could just patch and use a permissively licensed 3rd-party component.
In my opinion, the proposed amendment does not go far enough.
It shouldn't be surprising ?
It is the same problem people trying to open sourcing closed projects experience, there is all sorts of locked-in proprietary code which the developer and the customer only have the license to use but not share the source.
Even projects which from day one are staunchly open and built without direct commercial interests like government contractors need also suffer from this. The Linux kernel challenges for supporting ZFS or binary blob drivers in kernel/user space and so on are well known[1]
Paradoxically on one hand information wants to be free, and economics dictate that open source software will crowd out closed competitors over time, it is also expensive to open source a project and sometimes prohibitively so and that deters many managers and companies open sourcing their older tools etc, even if they would like to do so, involving legal and trying to find even the rights holder for each component can deter most managers.
If a government put requirements in contracts that the vendor should only use open source components in their entire dependency tree, it could drive the costs very high because a lot of those dependencies may not have equivalent open source ones or those lack features of the closed ones so would need budgets to flesh them out. In the short term and no legislature will accept that kind of additional expense, while in long term public will benefit.
---
[1] yes kernel problems are largely a function of GPL, more permissive licenses like Apache 2 /MIT would not have, BSD variants after all had no challenges in supporting ZFS.
However a principled stance on public applications being open source by government would be closer to GPL than MIT in terms of licensing. Otherwise a vendor can just import the actual important parts as binary blobs "vendored" code and have some meaningless scaffolding in the open source component to comply.
Maybe FOIA should trump licensing in this case. Suppose I write a manual on how to issue bad parking tickets and hide them in a database, and then license that (in since restrictive manner) to the state of Illinois. I think the public's right to see that document is more important than my right to prevent copying and dissemination.
That is true for all kinds of IP . The balance between the two is what IP laws do. Give inventors some protections to encourage innovations while keeping the public benefits in mind .
Copyright is time limited author’s death and 70 years for individuals and 95 years for corporations .
While there are arguments to be made for lesser duration , better preservation requirements etc the balancing of public good to private value is the basis of all copyright laws since statute of Anne 1709.
In a court case you can get access to all types of information as part of discovery, if you are harmed or believed to have been, there are other avenues available for you . If you have standing to sue and the discovery requests are made by a competent lawyer you can get access to internal communications to trade secrets to any other document supporting your claim . you or your lawyer can not use such information for economic benefit or disclose it, they are still protected .
Given that you have options legally to get this data , there is no public need that trumps private property rights because of real or potential harm that justifies blanket access by default
PS: note software is not just copyrighted , it is also covered by patents (20 years) and trade secrets (no expiry ). Also while the law provides protection it does not require disclosure on expiry .
1 reply →
In theory the decision to put those biases in the code should be public information. You can ask for the criteria the software was made to, just not the software itself.
Though rulings like this might have a chilling effect.
Only if they are written down. For instance, DOGE makes sure everything is done by voice so there is nothing to catch them out on in future. I've found that once you start hitting a public body with FOIAs regularly they learn to stop putting incriminating things down in writing.
That's why it's important to push for "public money - open source" initiatives like some countries in the EU are trying to implement.
Off the top of my head, I think the last (now failed) German coalition had this in their programme but didn't deliver. Maybe the new government will.