Contributor Agreements Considered Harmful

Eric S. Raymond — Mon, 08 Jul 2019 11:30:00 +0000

Why attempts to protect your project with legal voodoo are likely to backfire on you.

I have a little list (they never will be missed) of stupid things that open-source projects should stop doing. High on this list are CLAs (Contributor License Agreements) and their cousin the mandatory CA (Copyright Assignment).

In this article, I explain why CLAs and CAs are bad ideas and what we ought to be doing instead. In obedience to custom, at this point I issue the ritual disclaimer "I am not a lawyer", but one does not have to be a lawyer to understand the law and game out the ways CLAs and CAs fail to achieve their intended purpose. And, I have researched these failure modes with both lawyers and executives that have literally billions of dollars at stake around IP violations.

I've made a distinction between CAs and CLAs; we can make a further one between ICLAs (Individual Contributor License Agreements) and CCLAs (Corporate Contributor License Agreements). While all are about equally useless, they have slightly differing failure modes.

First, let's consider the ICLA. Some projects require that you sign one before being allowed to submit changes to their repository. Typically, it requires you to assert that (a) you affirmatively choose to license your contributions to the project, and (b) you have the right to do that.

Here's the problem. If you are employed, you almost certainly cannot make claim (b), and the project you are probably trying to help is only setting itself up for trouble if it behaves as though you can. The problem is that most employment contracts define any software you write on working hours or even off hours in connection with your job as "work for hire", and you don't own the rights to work for hire—your employer does.

CAs, such as the Free Software Foundation requires, have exactly the same problem. You don't own the copyright on a work for hire either. Therefore, you can't assign it. I'll get to the case of individual developers not in a work-for-hire situation in a bit.

The CCLA exists as an attempt to address the problems with ICLAs. It's not an agreement that you sign, it's an agreement your employer has to have pre-negotiated with the project to which you want to contribute. You then have to offer the project an identity that it can associate with that CCLA so it knows your contributions are covered.

That at least sounds like it might be useful. Why isn't it? To understand this, we need to do a bit more threat modeling. What is it that open-source projects hope to prevent using CCLAs?

Go to Full Article

How the EU's Copyright Reform Threatens Open Source—and How to Fight It

Glyn Moody — Tue, 03 Apr 2018 16:15:45 +0000

by Glyn Moody

Open source is under attack from new EU copyright laws.

Open Source and copyright are intimately related. It was Richard Stallman's clever hack of copyright law that created the General Public License (GPL) and, thus, free software. The GPL requires those who copy or modify software released under it to pass on the four freedoms. If they don't, they break the terms of the GPL and lose legal protection for their copies and modifications. In other words, the harsh penalties for copyright infringement are used to ensure that people can share freely.

Despite the use of copyright law to police the GPL and all the other open source licenses, copyright is not usually so benign. That's not surprising: copyright is an intellectual monopoly. In general, it seeks to prevent sharing—not to promote it. As a result, the ambitions of the copyright industry tend to work against the aspirations of the Open Source world.

One of the clearest demonstrations of the indifference of the copyright world to the concerns of the Free Software community can be found in Europe. Proposals for reform of copyright law in the European Union contain one element that would have a devastating effect on open-source coding there. Article 13 of the grandly titled "Directive Of The European Parliament And Of The Council on copyright In The Digital Single Market" contains the following key requirement:

Information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users shall, in cooperation with rightholders, take measures to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures, such as the use of effective content recognition technologies, shall be appropriate and proportionate.

Go to Full Article