Is Open Source Really Open?

Because Politics Ruin Everything that is Good, Including Bitcoin

Ah, to be a digital citizen. Free of national boundaries, nation state politics, and the messiness of defining your identity by your place of birth or residence. Free of the yoke of physical jurisdiction and its annoying cultural routines and political inconveniences.

Based on my googling of digital nomad it involves drinking wine, owning a lot of Apple devices, and engaging in highly stylized Instagram photo shoots. In reality, traveling + working feels decidedly less glamorous, given I spend most of my time searching for power outlets at shitty airports while eating a stale bag of chips or trying to tether to my phone (safety, y’all) so I can finish some deliverable or file more regulatory paperwork.

Image result for digital nomad

However, this idea of digital citizenship is appealing, and for good reason. Open source software combined with open source money, in the form of bitcoin, sing a siren song of a future where anyone, anywhere can participate in the global economy through the OSS community and earn a living easily, in bitcoin, without needing a bank account, a passport, or approval from regulators. FREEDOM, BABY!

Open Source is Big Business

The idea that open source is a non-profitable activity is one that has been debunked. Open source software has been a massive driver of growth in the software industry. More importantly, it’s been an important driver in both top line (revenue) and bottom line (profitability) growth for companies both inside and outside the software vertical. I could synthesize some data points here on this topic, but fortunately the fine folks at A16Z have put together a great overview (see here) that captures the evolution of open source as a business model. The $34B acquisition of RedHat this year was the final brick that cemented this idea firmly in the minds of investors and entrepreneurs everywhere - open source is big business!

open source deals

It’s funny that as the market has realized open source can be big business, the ethos of open source has also changed radically. In its early days, the open source community looked a lot like the cypherpunk community, and in fact, there was a lot of overlap between the two. Now, it seems like open source has gone corporate and bitcoin feels like it’s going that direction too. Do all movements that start out with strong ideological underpinning get doomed to become watered down versions of themselves with new corporate masters? Perhaps this is a cautionary tale. Perhaps success breeds the worst possible outcome.

The Politics of Open Source

One of the fundamental beliefs surrounding open source is that by lowering barriers to innovation, open source allows the development of new software products that are superior to proprietary solutions. Theoretically, open source makes software a free market that operates on competitive dynamics rather than regulatory capture or other arbitrage models enabled by scale, reach, and influence. Open source is for the little people!

In 2018, GitHub was acquired for $7.5B by Microsoft. At the time of acquisition, it was stated that “GitHub will retain its developer-first ethos, operate independently, and remain an open platform. Together, the two companies will work together to empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub, and bring Microsoft’s developer tools and services to new audiences.”

In the middle of this year, GitHub announced that it would ban users of specific GitHub products in sanctioned countries. The company cited “US export law” as the primary reason for its ban. Here’s a great post from an Iranian software developer summarizing his reaction to the ban and its impact on his ability to work and collaborate online. I don’t think that really helped GitHub maintain an open platform. Methinks some corporate Microsoft lawyers starting sniffing around and realizing that there was some, ahem…. risk on the platform, and that the easiest way to mitigate that risk was to ahem… just go ahead and cut out the bits that were risky.

If this sounds familiar, it’s because… it is. Since the advent of the (F)OSS movement, developers have been fighting the state. Mind you - the original crypto wars started when cypherpunks began to develop and deploy software utilizing encryption technology. The government classified this technology as a weapon, and so encryption technology was outright banned for commercial or personal use due to pesky government export regulations that did not allow for the export of weapons. Laws. They exist. They’re weird. Sometimes corporations try to enforce them in even weirder ways. Because when you have a hammer, everything looks like a nail.

So of course, nerds made t-shirts like the one below and wore them to airports. However, the battle over encryption software was fought across a number of fronts and was a hard won victory. It’s also definitely not over, because apparently the US government is re-opening that conversation with a number of tech companies and demanding a way (maybe even a private key in a throwback to the Clinton era Clipper Chip?) to decrypt all private messages.

Image

What inspired me to put down my thoughts on the politics of open source in the first place is the latest news from our friends at GitLab, a company enabling open source software development and collaboration. GitLab just joined the ranks of companies politicizing open source. The company announced today that it would not hire any support staff in China and Russia following internal conversations around espionage taking place in projects hosted on open source platforms like its own. The announcement made sure to let folks know that "Current team members are prohibited from moving to these countries." Guess my plans of being a digital nomad in China while at GitLab just got crushed.

While it feels rather trivial given the company currently doesn’t employ anyone in these jurisdictions, it’s a big blow to the idea that the world of open source software and our shift from being physical meat sacks to deities in the digital realm could topple the strangehold that nation states (and their politics) have on our lives. While the concerns around the deteriorating political relationship between Russia, China, and the US are certainly relevant, it’s curious to see how it’s trickling in to the OSS community through actions like these. Physical jurisdiction does matter, after all, and if a large enough community congregates on one platform, perhaps these places where digital commerce and collaboration happens are the next frontier where the global trade war will be fought.

But at what point does a company draw the line?

Is open source really open these days if being born in a specific country precludes me from participating in the open source community?

And lastly, if privately owned, privately run, for-profit corporations control the future of open source communities, what does that mean for contributors and communities who organize around these platforms?

How About that Open Source Money?

One of the things I love most about the crypto community is its global nature. It’s rare to find an online community that has so many people from all over the world exchanging ideas in real time and collaborating to build new projects and tools together. And for a brief period in time, we were all even investing together in ICOs and having a fun time playing in the crypto casino. But like all things, crypto isn’t immune to the pressures of global regulation.

First, it may surprise you to know that the US Treasury has put two bitcoin wallet addresses on the official sanction list. But, sanctioning a bitcoin wallet is just the first step in the crackdown on open source money. Arguably, this makes a lot of sense considering the activity going on in the wallet. It’s just interesting that the enforcement action includes monitoring of a wallet address. And new. And profound in a lot of ways.

Second, the EU is implementing new money laundering laws called 5AMLD that include increased scrutiny of crypto activity. This new law requires crypto platforms to effectively de-anonymize their users. And I quote:

To combat the risks related to the anonymity, national Financial Intelligence Units (FIUs) should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.

I mean… if there is substantial proof and an order from a court of law to provide the identity of a user of a platform based on suspicious activity reporting, yes that makes sense. But wholesale doxxing of an entire user database? Seems a little unreasonable.

Third, not one to shy away from state surveillance, the UK decided to up the ante a bit and go above and beyond the act of interacting with cryptocurrency to the act of writing software. In the UK intends to go beyond the scope of 5AMLD, and mandate that entities and individuals engaged in the activity of publishing OSS be liable for de-anonymizing users. In their words (or see Page 36 of this report which is just… woof)

the publication of open-source software (which includes, but is not limited to, noncustodian wallet software and other types of cryptoasset related software)

So here is the great existential question - if open source software is vulnerable to control by states and platforms who operate with the permission of the state, what is open source money vulnerable to? In an era of reflexive politics and reactive policies, it doesn’t take much to feel dismayed and alarmed at the narrative that is unfolding.

Are we forced to repeat this battle for the foreseeable future? It seems likely that the crypto wars which were started in the 1990s are far from over. It’s likely the next frontier is a game of cat and mouse between law enforcement and intelligence, who will want access and control, and technology companies and pseudonymous builders, who will produce better tools for the cause.

Resources

If what you’ve read upsets you and infuriates you, well, good! Use your frustration as fuel to:

Other ideas? Sound off in the comments.