On Non-Fungible Tokens, Faces of Our Leadership, and Supporting Artists
byon December 23, 2021
We were certainly surprised this week to be told that we (Karen and Bradley) were “for sale” at approximately US$200 each. It's not us personally that's for sale, of course. Rather, the sale is for financial derivative products that are based on digital images of us. Because of the connection to these financial derivative products (called NFT) to our work on ethical technology and FOSS generally, we share herein our analysis of the situation. And, in the unlikely event you were thinking about buying one of these risky financial derivatives — we give our recommendation for an alternative way that you fund both Software Freedom Conservancy and the artist who took the photographs in question while avoiding derivative products entirely.
Photo © 2017 by Peter Adams, licensed CC BY-SA
On 2017-03-04, we (Karen and Bradley) sat for a photo shoot with a photographer named Peter Adams, who later released one photo from each of our shoots as part of a larger work called “Faces of Open Source”. We were surprised to learn that we were the only FOSS leaders (among those who had been photographed at that point) to raise the question of FOSS licensing for the photographs themselves. Sadly, Adams was not interested in licensing the series under a Free license. We nearly declined to continue with the photo shoot, but Karen had a compromise idea: if Adams agreed to license one good photo of each of us back to us under CC-BY-SA, we would agree to sit for the photo shoot. We both agreed to sign a release of copyright claims. Rarely do subjects/models hold copyrights anyway on photos (unless it's a selfie), so we determined, especially given that we were in town for the Southern California Linux Expo, this photo shoot was not much different (ethically and morally speaking) than walking around the conference and being photographed candidly, in which case we'd also not hold copyright. We did not relinquish any other of our rights and permissions, but we did agree that our photos could be part of the “Faces of Open Source” art project. We were really happy with the photos, and were glad we had CC-BY-SA photos to use. We appreciated that Adams took the time to prepare them for us.
Non-Fungible Tokens (NFTs)
There has of course been much discussion about NFTs and how they operate on a blockchain. We suspect most of our readers already know the technical details of how NFTs work. What we'd like to focus on is the high level description and how it relates to works of authorship and FOSS licenses.
First and foremost, note that, to our knowledge and understanding, sale of an NFT is generally unrelated to the copyright questions of the image. The NFT is (roughly) a cyptographically-signed checksum of the image. “Owning an NFT” simply indicates that — on some blockchain somewhere — a group of people who participate in that blockchain have cryptographically verified that the particular checksum is associated with you. NFT hawks liken this to “owning” the underlying work, but this is not true. Consider it this way: the “underlying holding” is the photograph itself, which has a financial value based on (a) the fame of the subject, and (b) the artistic ability of the photographer to get a good/intriguing photo of that subject. The NFT, by contrast, isn't the photo, it's “bragging rights” of having others identify that you paid some amount money for the blockchain participants to assent to your “ownership” of a checksum of that photo. The NFT's value, thus, may move in the same direction of the value of the copyright of the photo (or, say, a physical print of that photo), or it may not; there is no way to know. Moreover, we suspect, given the novelty of NFTs, that financial experts don't even yet have reliable equations to understand how NFTs financially relate to their underlyings (as exist for other financial derivatives like futures contracts and stock options). While many people investing in NFTs understand their nature and understand what they are spending money on, we also think there's a predatory component of this industry that exploits people who don't have a good understanding of how NFTs work. We fear that many other people spend money on NFTs without really understanding what they are buying.
Photo © 2017 by Peter Adams, licensed CC BY-SA
Meanwhile, one need not have a copyright holdership or even a license to create an NFT of any given image. We could sell NFTs of the same images if we wanted to, even though we don't hold the copyright. We could sell NFTs of the extremely similar color images (shown here) that Adams' licensed under CC-BY-SA. But, we aren't going to do any of that. We think selling NFTs of these images is a silly thing to do.
A Few of the Problems with NFTs
NFTs have many problems, and we aren't going to list them all here, as many are outside the scope of ethical technology. However, the most concerning problem is that most NFT blockchains use “proof of work” systems to verify transactions, which costs computing resources (including intensive use of processors, that produces heat, wastes electricity, and risks wearing out the processors more quickly than more traditional uses). While NFTs are not yet widely adopted (and thus the costs in this regard are currently nominal) most researchers believe that long-term and widespread use of “proof of work” is ill-advised (for environmental and other reasons).
For our part, we probably would not have commented publicly on our concerns about these issues. But, Adams made NFTs for specific images of us, and there is mostly nothing we can do about it — other than state our opinion of it. We would be remiss if we didn't point out that other laws besides copyright are involved here. We are left wondering whether use of one's faces to promote NFTs in this manner could be construed as a violation of California's Right to Publicity Law, and standard releases often don't broadly grant any rights to endorse products like NFTs. (In this case, our rights releases were wholly narrowed to the “Content”, which here is the actual photo, and we were the “models”). It's unclear how far a right to publicity would extend as a legal matter, and we have no intent to explore that. We agree with others in the “Faces of Open Source” series that Adams made a mistake (ethically and morally) by not asking the subjects to agree to have their names associated with the sale of NFTs (particularly given the serious ethical technology considerations about NFTs).
Getting Artists (and Developers) Paid
One of the mission goals of Software Freedom Conservancy is to fund developers to work on FOSS (related to our member projects and initiatives). We believe strongly that folks who do Free Culture works should, similar to those who do Free Software work, get paid for that work. What's more, even though Adams chose not to make “Faces of Open Source” a Free Culture project (opting instead for a traditional proprietary model), we still think Adams should get some compensation for his work — especially for the two photos he licensed as CC-BY-SA. But we think NFTs is the wrong approach.
We originally proposed selling photos in this blog post as a method to raise funds for Adams' work, but Adams wrote to us and indicated that he had not been experimenting with NFTs as compensation for his past work but rather to both help fund future Faces of Open Source photo shoots and raise money for FOSS organizations like ours. So Adams and we all suggest that if you like FoOS, please donate to our current fundraising campaign and other organizations doing good work in this space.
The Hate-Mail We Expect
We know that many of our Sustainers and fans believe deeply that NFTs and other blockchain-related technologies like cryptocoins are world-changing technologies. We remain neutral on that point; we admit that we simply don't know how important these technologies will be long-term. However, we do encourage everyone to consider the ethical implications of technology like this. Plowing ahead with any technology simply because it's new and exciting often leads to unintended dystopian consequences (such as already occurred advertising-based, algorithm-controlled platforms from MMAGA companies).
Finally, this is of course not a full analysis of all the moral and ethical implications of NFTs. We do think NFTs might have some interesting use-cases, such as academic institutions verifying transcripts and degrees of students to third parties (and Karen loves some of the silliness connected with many NFT offerings). If done fully with FOSS, we don't object to further research and consideration of how NFTs can be used for good purposes. However, we approach with skepticism the notion that financial derivative transactions should receive the primary use-case focus around new technologies, as has happened with NFTs. We should evaluate all new technologies first and foremost with a question of how they can improve the lives of the most disadvantaged and underrepresented individuals.
First Update on the Vizio lawsuit
byon November 30, 2021
Yesterday, we received from Vizio their first official response in our pending litigation against Vizio for their copyleft license violations. So, what was their response?
Did Vizio release the source code — as the GPL and LGPL require — for the modified versions of Linux, alsa-utils, GNU bash, GNU awk, BusyBox, dmesg, findutils, dmsetup, GNU tar, mount and selinux found in their TV’s firmwares? No.
Did Vizio propose a CCS candidate for us to review, provide them with additional feedback, so that we could help them get consumers who bought their TVs the source code they deserve? Nope.
Did Vizio argue that we had erred, and in fact, none of those programs we list above appear in their firmware? Not that either. (Unlikely though — after all, they surely know those programs are in their firmware!)
Instead, Vizio filed a request to “remove” the case from California State Court (into US federal court), which indicates Vizio's belief that consumers have no third-party beneficiary rights under copyleft! In other words, Vizio’s answer to this complaint is not to comply with the copyleft licenses, but instead imply that Software Freedom Conservancy — and all other purchasers of the devices who might want to assert their right under GPL and LGPL to complete, corresponding source — have no right to even ask for that source code.
That’s right: Vizio’s filing implies that only copyright holders, and no one else, have a right to ask for source code under the GPL and LGPL. While we expected Vizio held this position (since they ultimately ignored us during our discussions with them in years past), Vizio has gone a disturbing step further and asked the federal United States District Court for the Central District of California to agree to the idea that not only do you as a consumer have no right to ask for source code, but that Californians have no right to even ask their state courts to consider the question!
Vizio’s strategy is to deny consumers their rights under copyleft licenses, and we intend to fight back.
We believe in complete transparency of the copyleft compliance process, and so encourage everyone to read the filings. We’ve even paid the Pacer fees and used the Recap browser plugin, so that all the documents in the case are freely available via the Recap project archives.
Software Freedom Conservancy’s annual fundraiser is happening right now! Please help us continue our work by becoming a Sustainer. Donate now and have your donation matched by a group of generous individuals who care deeply about software freedom.
Trump's Social Media Platform and the Affero General Public License (of Mastodon)
byon October 21, 2021
An analysis: Trump's Group has 30 days to remedy the violation, or their rights in the software are permanently terminated
In 2002, we used phrases like “Web 2.0” and “AJAX” to describe the revolution that was happening in web technology for average consumers. This was just before names like Twitter and Facebook became famous worldwide. Web 2.0 was the groundwork infrastructure of the “social media” to come.
As software policy folks, my colleagues and I knew that these technologies were catalysts for change. Software applications, traditionally purchased on media and installed explicitly, were now implicitly installed through web browsers — delivered automatically, or even sometimes run on the user's behalf on someone else's computer. As copyleft activists specifically, we knew that copyleft licensing would have to adjust, too.
In late 2001, I sat and read and reread section 2(c) of the GPLv2. After much thought, I saw how it could be adapted, using the geeky computer science concept called a quine — a program that has a feature to print its own source code for the user. A similar section to GPLv2§2(c) could be written that would assure that every user of a copylefted program on the Internet would be guaranteed the rights and freedoms to copy, modify, redistribute and/or reinstall their software — which was done by offering a source-code provision feature to every user on the network. The key concept behind the Affero GPL (AGPL) version 1 was born. Others drafted and released AGPLv1 based on my idea. Five years later, I was proudly in the “room where it happened” when Affero GPL version 3 was drafted. Some of the words in that section are ones I suggested.
We were imagining a lot about the future in those days; the task of copyleft licensing drafting requires trying to foresee how others might attempt to curtail the software rights and freedoms of others. Predicting the future is difficult and error-prone. Today, a piece of Affero GPLv3's future came to pass that I would not have predicted back in November 2007 at its release.
I invented that network source code disclosure provision of the AGPL — the copyleft license later applied to the Mastodon software — in 2002 in light of that very problem: parties who don't share our values might use (or even contribute to) software written by the FOSS community. The license purposefully treats everyone equally (even people we don't like or agree with), but they must operate under the same rules of the copyleft licenses that apply to everyone else.
Today, we saw the Trump Media and Technology Group ignoring those important rules — which were designed for the social good. Once caught in the act, Trump's Group scrambled and took the site down.
Early evidence strongly supports that Trump's Group publicly launched a so-called “test site” of their “Truth Social” product, based on the AGPLv3'd Mastodon software platform. Many users were able to create accounts and use it — briefly. However, when you put any site on the Internet licensed under AGPLv3, the AGPLv3 requires that you provide (to every user) an opportunity to receive the entire Corresponding Source for the website based on that code. These early users did not receive that source code, and Trump's Group is currently ignoring their very public requests for it. To comply with this important FOSS license, Trump's Group needs to immediately make that Corresponding Source available to all who used the site today while it was live. If they fail to do this within 30 days, their rights and permissions in the software are automatically and permanently terminated. That's how AGPLv3's cure provision works — no exceptions — even if you're a real estate mogul, reality television star, or even a former POTUS.
I and my colleagues at Software Freedom Conservancy are experts at investigating non-compliance with copyleft license and enforcing those licenses once we confirm the violations. We will be following this issue very closely and insisting that Trump's Group give the Corresponding Source to all who use the site.
Finally, it's worth noting that we could find no evidence that someone illegally broke into the website. All the evidence available on the Internet (as of 2021-10-22) indicates that the site was simply deployed live early as a test, and without proper configuration (such as pre-reserving some account names). Once discovered, people merely used the site legitimately to register accounts and use its features.
Update (2021-10-22): Some have asked us how this situation relates to our Principles of Community-Oriented GPL Enforcement, since we are publicly analyzing a copyleft violation publicly. Historically, we did similarly with the Canonical, Ltd., Cambium, Ubiquiti, and Tesla (twice!) violations. We do believe that “confidentiality can increase receptiveness and responsiveness”, but once a story is already made widely known to the public by a third-party, confidentiality is no longer possible, since the public already knows the details. At that moment, the need to educate the public supersedes any value in non-disclosure.
How We Hired Our Last Employee: Equitable Hiring Processes for Small (and Large) Organizations
byon October 15, 2021
Like many small organization that are overloaded with work, it's hard to make the time to conduct a proper hiring process, and no one on staff is dedicated to making sure the process goes smoothly. Because it is very important to our organizational values to make sure that our hiring is fair and also that we wind up with the best person for the job, we were very careful in how we designed our search.
We finished our last hiring a few months ago. I'm proud of the way we handled the process, and I think it resulted in the best hire possible for the position. As I describe the process below, you can see how we worked to respect our applicants, interview while minimizing bias, and select for skills that were essential for the actual work to be covered by the open position. (There's a TL;DR summary at the end! Perhaps the most interesting part is that we paid people who made it to the final round to respect their time and to defray their costs of participating,)
A neutral and realistic job posting
We thought hard about our job posting, including a detailed description of the role. We were clear that we were open to hiring from a variety of backgrounds and were willing to train less experienced candidates. We worked to eliminate any gendered language or anything that we thought would create heightened requirements for the job, which can reinforce bias in the process. Finally, we were open to feedback, and when folks suggested that we include a narrow salary range to bring transparency and lower stress for our applicants, we added that too.
You can see the job posting we just put up for an Outreachy related position where we once again are following these principles.
Happily, for the position that we already hired for, we received around 40 really solid applications for the position - a really high number for an organization like ours, especially since we only advertised the position in limited ways.Initial screen by volunteer directors
After a very quick review of resumes to weed out the few applications that were spammers or otherwise not really targeted to our organization, we scheduled 15 minute screening interviews with two of our volunteer directors. We wanted to make sure that we added a layer of independent review that would otherwise be impossible in a small org like ours.
In order to make sure that we were comparing apples to apples, and giving everyone the same chance at success, the directors were given a set list of questions to ask. Because the role was about advocacy and communications, most of the questions were connected to explaining what software freedom is, and how the applicant became interested in it. The directors were also given a rubric to grade the interviews, both question by question and overall. The directors put their grades and thoughts about each candidate (along with any red flags) in spreadsheets so that we'd be able to access the information easily later. Spelling out what questions will be asked and how the responses willl be graded helps to eliminate bias that can come from an an interviewer and interviewee that "click" in ways that might be related to their background or shared experiences.
After the screening interviews, the bulk of the applicants were asked to participate in an anonymous exercise. The goal of having an anonymous exercise is to overcome any biases we might have for or against particular candidates. Each applicant was assigned a random string, and they were instructed not to put any personal identifying information in their answers.
We designed the exercise to reflect actual tasks we'd expect the new employee to take on, while providing some opportunities to brainstorm some big picture topics that could come up in the position. Writing emails to our organization's Supporters and member projects are key components of the job, so we created short hypothetical situations (that encompassed typical problems we need to address) and asked the applicants to write mock email responses. Because the role also has a public press and event organizing component, we asked applicants to write the beginning of a website news item and tell us a few things they thought were essential to run a successful in person event.
To respect our applicants time, we kept the exercise bounded. We expected it to take an hour or less, and asked the applicants send us their responses after an hour and a half, explicitly adding a little bit of extra time in case they were interrupted during the process. We also scheduled the exercises at the convenience of the applicant at any time during normal east coast business hours, since being able to coordinate with staff in the US was an important part of the role. We offered flexibility for applicants who could not make time during the workday during their existing role or had other obligations they needed to schedule around.
Conservancy staffers graded the responses on an anonymous basis, scoring each exercise. When this was completed, the graders met to compare their results. At this point, there were five applicants whose exercises stood out from the group. We de-anonymized them and cross referenced them to make sure that their screening interview scores were also strong and all of them moved to the next round.
At this point, I should note that I was surprised by the results. Long-time software freedom activists, whose work we know and respect, wound up not making it to our final group, whereas our final applicants included people who were new to software freedom, had never been in a communications role or who we simply hadn't met before. This final group consisted of people who showed the skill sets most likely to succeed in the position, not people who were already part of our network.
Because the exercise was anonymous, it was also easier to explain to the other applicants why we weren't advancing them to the next round, and I think (hope!) that it made it easier to preserve our relationships with the applicants who are truly excellent advocates for software freedom in a variety of other contexts.
Paying the finalists
Because we are a small organization, adding another employee is a big deal. We knew that to do this job right we were going to need to take some time talking to them to figure out if they were the right fit for the role. We also know that not everybody does their best when put on the spot in an interview, and wanted to make sure that we allowed people the chance to know what we'd be asking and to prepare if they wanted to. We didn't want to take our applicants' time for granted, even though we are a small publicly supported organization.
Because of this, we decided to pay each our five finalists $500 to proceed with the rest of the interview. While $500 is not a huge amount, we thought it was a nice amount for a charitable organization to give to an applicant who would dedicate some time and thought to our hiring process, which would cover strategic thinking about our organization's mission and operations in our communications and other related areas.
Again, we used the same questions with all candidates, and we provided them in advance of the interview, offering the applicants the option of providing written answers or just discussing them on the spot, whichever they were most comfortable with. We were trying to avoid a gamification of the interview process, while still getting insight into the thought process of the applicants. These questions included difficult ones about the software freedom community and also about Software Freedom Conservancy. Now that we knew these candidates were very strong in their ability to write quick emails and website copy, the idea was to bring some of the most strategic problems that we'd be looking to include the new employee in tackling.
Conducting final interviews
This step looked like a more traditional interview. Bradley and I scheduled video chats with the remaining candidates. We first had the applicants tell us their answers to the questions we had sent in advance and used those as a jumping off point for relevant conversation.
While all five candidates were strong in these interviews, three candidates had a mix of skill sets that seemed like the best fit for the role. For these three candidates, we scheduled an interview with Conservancy's staff in its entirety. Again, with a small organization, the addition of another person is a huge chance in organizational dynamics. Feedback from all employees was essential to making this decision.
Choosing the final candidate
In the end, going through the interview process and learning more about the job convinced one of the final three candidates that they were not really interested the role we were hiring for, which they understood much better through our hiring process. It was a tough choice between the two remaining candidates, but we were able to have confidence in Pono as our choice due to feedback from staff, the comparisons made possible by asking the candidates the same questions and the grading from the previous two rounds. If we'd had the budget, we would have hired all three of these final candidates.
Feedback on the process
Each of the finalists were surprised that we were willing to pay them for their time. For some of the applicants, being paid to participate gave them the flexibility to devote more time to their interview preparation. We were happy we were able to show our appreciation for the impressive applicants who were willing to give us so much of their time.
We also got positive feedback on the anonymized exercise. Because the exercise gave insight into how some of the every-day work in the position would look, it made it easier for some of the candidates to decide if they wanted to actually work in that role. In addition to the benefit I mentioned above about the anonymization making it easier to explain who would advance to the next round, some applicants indicated that making it to the final round via an anonymous exercise gave them confidence that they were qualified for the position.
For future hiring, we'll be looking to bring the same concepts to the process. Namely:
- bring in an independent review of the candidates
- ask all of the candidates the same questions
- design an exercise that connects to the actual work the employee will be doing in the role
- judge the exercise responses on an anonymous basis
- keep the time required for applicants to invest in the interviewing process as minimal as possible
- pay applicants who are required to invest more substantial time in the process
Many thanks to all of Conservancy's staff who helped us with this process (Rosanne Dimesio, Bradley Kuhn, Sage Sharp, Brett Smith), and to Deb Nicholson who helped bring some of these concepts to our previous hiring process.
Outreachy is hiring for a community manager position and using some of the strategies listed above. If you or someone you know if interested in applying for the community manager position, check out the post here.