[amsat-bb] AMSAT Open Source Policy

[Michelle Thompson]

Here are the answers.

1) It allows free and open international collaboration.
2) It removes bankruptingly expensive data management requirements intended
for proprietary companies.
3) It is the best way to reduce legal liability for volunteers in
non-commercial settings.

Taking advantage of the public domain carve outs is safe, sane, legal, and
will galvanize AMSAT engineering.

It requires publishing work as it is created, at minimal cost to an
organization.

It has been repeatedly recommended to AMSAT by experts as the way to go,
for over 10 years.

-Michelle W5NYV




On Wed, Jul 15, 2020 at 1:03 PM Joseph Armbruster via AMSAT-BB <
amsat-bb at amsat.org> wrote:

> Bruce,
>
> You did not really answer the first question: "How does AMSAT benefit
> by pursuing an open source policy?"  The question is really unrelated
> to EAR/ITAR.  What i'm wondering is, if AMSAT published all of its
> hardware and software designs for everything, how does this benefit
> AMSAT?  This is probably the most important question from an
> organizational standpoint.
>
> I had been through a similar discussion with a private company that I
> worked for about a 3D visualization / Earth rendering product that was
> developed by the company.  It was a product that was similar to Google
> Earth and could easily compete with it from a rendering / efficiency /
> user experience standpoint.  The question was: Do we open source the
> software and give it out to the world to attract more people to the
> product / generate a new ecosystem for publicity, or do we keep it
> closed and generate revenue off custom software services.  The company
> chose option 2.  The bottom line was, if we put all the source out in
> the open, most engineering types would not pay us anything, even if we
> did an open/commercial licensing scheme.  Because, let's be honest,
> generally speaking, no-one wants to pay for anything, and that is
> especially true in the OSS world.  And even when you ask people to pay
> for something, they find clever ways to work around licensing and rip
> you off.  I think consulting services become more practical, when the
> technology that is being utilized is more technically challenging and
> there are deadlines involved.  That's why certain OSS products can use
> that model (of course, there are not many consulting opportunities for
> libtiff know-how :-).
>
> One comment on what you said about GPL "you use the GPL where you want
> companies to participate more, rather than just take your stuff and
> modify it in private, never returning anything."  This is a common
> misunderstanding / mis-representation of what the GPL does.  Companies
> are not required to 'return anything'.  It only protects the rights of
> down-stream recipients, not up-stream.  Examples in case others
> reading are not aware of this:
>
> - If an organization downloads, compiles and integrates a GPL
> libWhatever onto a chip in a satellite and the satellite is launched
> into space, there is no downstream recipient of the binaries.  The
> changes can remain within the private organization ad-infinitum.  The
> hardware floats around in a vaccum, maybe burns up in the atmosphere
> and we end up breathing it, outside of that, nothing needs to be given
> back to the community.
>
> - If I download, compile and integrate a GPL libWhatever onto a chip
> and then deliver the binary to say a University team for integration
> or to a customer for use.  Then, the University team or customer has a
> Right to be able to edit the source, etc... Their rights to
> edit/modify are protected.  But, that still doesn't mean the creator
> of libWhatever is guaranteed to receive anything back.
>
> AMSAT could establish an open source policy that would only provide
> licensed code to parties/organizations that agreed to integrate
> according to their terms and conditions.  These terms and conditions
> could be contingent upon AMSAT being a downstream-recipient of the
> software/hardware source/designs (work-products, etc...)  This would
> establish a symbiotic relationship between AMSAT and others with
> mutual benefit.  Others wish to utilize AMSATs software/hardware
> stack, integration know-how, etc... and AMSAT would be guaranteed to
> be on the receiving end of the changes.  AMSAT could also establish
> something like others have, where they have a licensed version that is
> not-permitted-to-fly and a "Pay-For" version that allows you to fly
> it.  It's an interesting idea and along the lines of what several
> other OSS projects do with dual oss, commercial options.
>
> On the whole protesting of ITAR/EAR and Defense Distributed, when you
> say the Federal Government lost, from a practical standpoint, that's
> not really true.  Legal hardship is real.  The end result was a
> private organization, unnecessarily being jerked around by the fed in
> a politically-motivated legal attack.  And then, being jerked-around
> again, by several states.  That cost them and it is still costing
> them, time and money.  The organization could not function during that
> period and is now forced to function differently.  Rules were
> re-written by the DOS, there was an ad-hoc "settlement" including an
> 'exclusive license'.  Isn't that awesome that a company is given an
> 'exclusive license' after being jerked around vs, just being left
> alone in the first place?  Also, Defcad requires you to create a
> login, submit Personally Identifiiable info (PII) to them (ID,
> etc...), etc... before you download anything from them.  That's, NOT
> Open.  I am not certain what they would do if a non-US Person
> attempted to sign up.  It's antithetical to a true, public open source
> process really.  If anything, this case is a shining example of why an
> organization Should:
>
> i) be very selective about what is publicized
> ii) work very cautiously with others in a way that reduces risk
>
> Basically, how AMSAT appears to operate right now.  Why? Because if
> the wrong politically-motivated person in the Department of Whatever
> (or friend of a girlfriend of a mistress of whomever) gets an itch,
> they can make your life a living hell.  And, while they sit back and
> collect a paycheck and have their pension well-funded during that time
> frame... You're left with a ruling in your favor (yaay!) but
> financially strapped, physically deteriorated due the stress and
> likely out of business.  This doesn't just happen in the ITAR realm
> either, look at what happened to the buckyballs company that sold the
> little magnets that you could build little structures out of.  They
> got dragged through the mud for years, for literally selling little
> round magnets...
>
> Joseph Armbruster
> KJ4JIO
>
> On Tue, Jul 14, 2020 at 10:20 PM Bruce Perens <bruce at perens.com> wrote:
> >
> > Michelle, working for ORI, hired a lawyer to take up the ITAR matter
> with the Federal Government, so she probably has some interesting
> information.
> >
> > I have left your questions in, so that this will make sense to readers.
> >
> > On Tue, Jul 14, 2020 at 6:08 PM Joseph Armbruster <
> josepharmbruster at gmail.com> wrote:
> >>
> >> 1) How does AMSAT benefit by pursuing an open source policy?
> >
> >
> > Both ITAR and EAR have a carve-out regarding published research. EAR
> says that things you publish on the Internet are not subject to the EAR.
> ITAR is a bit more difficult, they want you to publish it in a journal or
> put it in a library. There are lots of friendly college libraries who will
> put a blu-ray disk on a shelf for you. And then, you don't have to deal
> with ITAR regarding any digital data. You still have ITAR problems if you
> wish to ship a satellite across a national border, so it is best to
> fabricate it in the nation where it will be launched. And you must never
> provide defense services, not even to the USA. That means if someone you
> know is clearly working on a defense project asks a question on your
> mailing list, you need to explain nicely that they should get that
> information elsewhere because it would get you in trouble. And then tell
> the government. I think the last one I dealt with was from a defense
> company in Pakistan asking about Codec2. The government says thank
>  you for reporting this, it's important, but doesn't tell us any more.
> >
> > The whole Open Source community operates this way, and has no problem
> with ITAR. They are much bigger than AMSAT. And they make AI, cryptography,
> and many other things that are listed on the United States Munitions List.
> >
> >> 2) What are the disadvantages of AMSAT pursuing an open source policy?
> >
> >
> > It's really difficult to see any at this late date. Michelle and I have
> been to NASA meetings where it is really clear that they embrace Open
> Source internally. So does SpaceX, ULA less but Tory (CEO) is very easy to
> talk with. ESA is all over Open Source and there is a Librespace guy in
> European Central Bank who can make introductions for us. Legally, we could
> even cooperate with nations on the embargoed list, but at that point I
> would want explicit permission, no need to antagonize the government just
> because the law allows you to do something.
> >
> >> 3) Say a new project was about to start, where should all the design
> >> files, source code files, presentations, virtual machines, etc...
> >> live?
> >
> >
> > It's really easy to put everything on Github or Gitlab, in public mode.
> I wrote a script that mirrors ORI's github repositories to its own server,
> and we can just burn  a disc from that and put it in a library.
> >
> >> 4) What license would the items be released under (this one will be
> >> interesting to me)?
> >
> >
> > The important thing is that everyone have the right to read. Then, you
> satisfy the requirements in the ITAR and EAR carve-outs, if you also
> publish it on the internet and make it available in a library. Libraries
> often have web terminals, so I think that Internet is enough, but getting a
> library to host a disc is easy. So even a Creative Commons license would be
> adequate, but I suggest BSD if you want it to be available for commercial
> use without getting modifications returned to the community, or GPL if you
> would rather have modifications returned to the community. This is a short
> explanation of Open Source licensing, and I could go into subtleties at
> length.
> >
> > I generally prefer that hardware designs be placed in the public domain.
> Currently hardware is dubiously copyrightable due to 17 USC 102(b) and
> court cases I could discuss at length too. It is not to our advantage for
> courts to take our own example of attempting to copyright hardware designs
> and decide that hardware designs are actually copyrightable.
> >
> >> 4.a) Will the license be Free in a FreeRTOS or CGAL sortof way, where
> >> it's free for non-commercial use?
> >
> >
> > You can do that, since it is only necessary that it not be trade
> secret.  But everyone else doing this goes 100% Open Source, and we want to
> be able to share their work and have them share ours. The fact that
> AMSAT-EA works with Librespace and AMSAT-NA does not is suboptimal.
> >
> >> 5) How can satellite security be mitigated if the source is in the
> >> public domain?
> >
> >
> > You mean command and control? The simplest answer is that you use
> encryption to command the satellite, and you don't have to publish your
> cryptographic key. It's data, not the software. However, I have a design
> for terrestrial cryptographic signature that fits the FCC rules that
> prohibit cryptography that obscures the message. Digital signature does not
> obscure the message, it just authenticates it.
> >
> > AMSAT used to use a secret data word and exclusive-OR to encrypt
> communications.Very primitive and implemented in discrete logic chips. This
> is explicitly permitted by FCC for satellites rather than terrestrial ham
> radio. I would hope that we could do digital signature today.
> >
> > > 6) Are you satisfied with the way AMSAT development currently takes
> place or do you feel there is a need to change development practices?
> >
> > My personal opinion is that a lot of the ITAR mess we are currently in
> would go away if AMSAT went to a 100% Open Source policy like most of the
> newer Amateur Space organizations. Unfortunately, we have engaged ITAR
> attorneys who have only worked with proprietary companies, where trade
> secret is necessary, and thus ITAR must apply. Open Source is new to them.
> >
> > One of the most difficult jobs of a manager is managing legal counsel.
> Most managers don't understand what counsel is saying OR what questions to
> ask. And I have seen few managers that are equipped to push back or who
> even understand that pushing back is possible. Sometimes you have to bring
> your lawyer into new areas they have never explored - although that is less
> so than 20 years ago when Open Source was new, and they are very likely to
> give you the determinations that they made for some proprietary corporation
> which are entirely wrong for your public benefit non-profit.
> >
> > In my consulting business, which mainly services law firms and their
> customers, I have met many attorneys who are up to speed on Open Source and
> intellectual property. There are fewer attorneys who are up to speed on
> Open Source and ITAR, and I would spend some time with them to discuss the
> issues.
> >
> >>
> >> 7) Do you think AMSAT would benefit by adopting an open source policy
> >> where all materials are placed in the public domain?
> >
> >
> > There are two "public domains". There is public domain in the sense of
> copyright abandonment and patent and copyright expiration, and then ITAR
> 121 uses the words "public domain" to mean "public knowledge". In general
> most Open Source communities do not use public domain, because the laws of
> many nations, including the United States, do not actually define that an
> affirmative dedication of a work to the public domain has legal meaning.
> They define public domain only in the sense of copyright and patent
> expiration. So, we have contrivances like the CC0 license to work around
> that, which is a public domain declaration if the national law and court
> likes that, but a liberal license otherwise. But most Open Source teams
> would choose a very liberal license like the BSD, where the only real
> requirements are that you preserve attribution (and everyone likes
> attribution) and the license text. Or, you use the GPL where you want
> companies to participate more, rather than just take your stuff
>   and modify it in private, never returning anything.
> >
> >> 8) Can you see any landmines or pitfalls from doing so (technical,
> >> legal, etc...)?
> >
> >
> > I really put myself out there trying to attract the attention of the
> Federal Government in protesting ORI's ITAR/EAR policy, and got no
> interest. This may have been because of the Defense Distributed case, which
> was about gun plans online, and I don't want to get into a 2nd amendment
> discussion, but once the Federal Government lost that they didn't have much
> to go after _us_ about.
> >
> > The landmine is that if you need lawyers. If you don't do this, you also
> need lawyers :-)
> >
> >> I wanted to ask about this, since it's mentioned constantly, but
> >> OpenSource is a reasonably loose term that means different strokes to
> >> different folks.
> >
> >
> > The Open Source Definition at Opensource.org is the one I wrote.
> >
> >     Thanks
> >
> >     Bruce
> > --
> > Bruce Perens - CEO at stealth startup. I'll tell you what it is
> eventually :-)
> _______________________________________________
> Sent via AMSAT-BB at amsat.org. AMSAT-NA makes this open forum available
> to all interested persons worldwide without requiring membership. Opinions
> expressed
> are solely those of the author, and do not reflect the official views of
> AMSAT-NA.
> Not an AMSAT-NA member? Join now to support the amateur satellite program!
> Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
>