The Problem Of Software Licensing

This wasn’t a request, just a personal debate of mine.

Meet the main contenders. On the one hand, we have the likes of DRM: making it difficult not only to pirate their software, but to use it legally after you’ve legitimately bought it.

On the other hand, we have Richard Stallman and the Four Essential Freedoms:

• The freedom to run the program as you wish, for any purpose (freedom 0).
• The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Paul Graham also has an essay that’s pretty sympathetic to Stallman, although it doesn’t explicitly agree with him on the points mentioned above. It simply takes a stand against DRM and restrictive copyright licensing.

I don’t fully agree with either of these. I agree with PG, and my views are closer to Stallman’s side, but I also think the freedoms Stallman considers essential would prevent people from being able to profit from writing software. As someone who plans to profit from writing software as a living, this puts me in a bit of a dilemma.

The main problem, as I see it, is that software “piracy”–the act of seeing a developer (or any digital creator, such as a music artist) selling their work for an amount of money, and choosing to deny them reimbursement for their work and for making your life easier by downloading it elsewhere even if you could have paid for it fairly–is not taboo.

I can sympathize with so-called piracy (which, I agree with Stallman, is a pretty strong word for something that isn’t always bad) in the case where one actually doesn’t have the money. I don’t care if high school students want to grab something I made from a torrent site or whatever instead of… not paying for it and not benefiting from it, which is their other option. I want to help people with my software. I also sympathize when the software is patently overpriced. (Photoshop, I’m looking at you. You’re worth, like, fifty bucks… not two hundred.)

So, what constitutes “bad” piracy? Is “good” piracy even piracy? It’s clear the issue isn’t black-and-white. To me, the license applied to software needs to consider critically precisely which behaviors are to be prohibited, and which ones allowed.

I ran a quick Google search and found a post on debate.com entitled “Is internet piracy a bad thing?” There’s some intelligent discussion going on about the benefits and costs of piracy in general.

Here’s one against piracy:

Internet piracy is theft.

Internet piracy is not as bad as stealing something physical, such as a CD or DVD, as no one lost money from the physical creation of the item, but, it is still theft, and still bad. While it may not be physical, the parallels are unquestionable. In both situations you are getting something for free that has cost others lots of time, money and effort to build. Films especially cost huge amounts to make, often hundreds of millions of dollars, in exactly the same way to how it costs someone to create a handbag or a car. If internet piracy was not an option, you would either not watch said film, or buy it, giving the creators money and consequently payment for their efforts. However, as internet piracy is an option, there is no motivation for people to pay. If everyone pirated this would mean that all films would result in major losses, and film/computer programme/music would all become charitable things relying on donations to be made. Instead, the current situation is some people pirate, and others pay the proper price, giving the creators the money they deserve. But that itself is unfair, as why should some have to pay while others do not? No matter how people twist it to justify what they are doing, despite the fact internet piracy is not stealing something physical, it is still theft, you are not stealing from a shop owner or item-owning citizen, but you are stealing from the creators of whatever you pirate.

Here’s one that says piracy is sometimes okay:

It isn’t [a bad thing], within limits.

Lets say a movie isn’t available in your country. Maybe it will be- in a few months or so (in a cut and extra-less version), but your friends from overseas are already touting how good it is. Perhaps there’s a game that’s two times more costly in your region than anywhere else in the world. It could be that you’ve been screwed over by DRM and locked out of your *legally purchased* software (very, very frustrating, and it really bothers me when a pirated product is *better* and *easier to use* than the legal one, because it doesn’t have the damned DRM) It might be you have your wallet ready, but the software is prohibitively expensive. Say you’d love to pay to watch those episodes of Game of Thrones, but you really don’t want a full HBO subscription. There are instances in which piracy is justified- it can be a means of protecting consumers from bad industry practices, like overpricing, awful DRM (screws over only paying consumers!) or idiotic distribution practices.
Of course, piracy is terrible if it means profiting from someone’s work, plagiarism, or not paying for something you could have reasonably easily obtained legally.

I agree with both, as you might have gathered. I didn’t write either, however.

I’d like to call attention to the last line of that second one:

“Of course, piracy is terrible if it means profiting from someone’s work, plagiarism, or not paying for something you could have reasonably easily obtained legally.”

This lists three things (really, two behaviors) that are to be prohibited:

1. Plagiarism, which we can probably all agree is awful;

2. Benefiting from someone else’s work without giving them the payment they’ve asked for, if you could have reasonably obtained it legally.

This is my view in a nutshell. I think it’s a lot of people’s views in a nutshell. Now, the question is how to keep those behaviors from happening, because I think the current measures are far too restrictive. There must be a better way to do this.

To prevent both of those things, most software companies only distribute binary files. They don’t distribute source code, because a) their competitors could see how their software worked and copy it, and b) it would be easy to illicitly redistribute their programs by just releasing the source code to the Internet. Many software providers also prevent redistribution of their binaries by trying to locate and eradicate sites which distribute them illegally.

Windows, notably, does not do the latter. Not because Microsoft is somehow more noble… they’ve just found a way around the latter concern. Windows copies only work if you have a product key. I think this is a hint as to how we could get things to work.

Another hint is Mac OS X. Part of the code is open, and the other part is closed-source. I consider this fairly acceptable, although it definitely isn’t a perfect solution.

A third hint is actually Chrome OS. Most of that OS’s software is cloud-based. You need server support to run it.

These three hints, working together, can fight at least the second behavior.

If your software is cloud-based, you can open up most of your code. This is because if your software is cloud-based, you can make your users pay for an account to log in to the server, or a product key.

The first option (access through accounts) is basically how Google Play works! (At least on mobile phones.) And as we’ve found, that works pretty well. 🙂 I, at least, haven’t heard much about pirating apps. I’m sure it happens, but not much. I wouldn’t expect it to pick up just because the source became available, either, unless the price of the software exceeded the price of publishing an app to Google Play (about $20, I think) and supporting it. And if it’s cheaper to reproduce and maintain on your own (something crackers are highly unlikely to do, let alone do well), that probably means the original was far overpriced.

The second option (which you have to take if you aren’t providing server support–i.e., if it’s a piece of desktop software) requires making part of your code closed-source. Namely, the part that requires your users to need a product key. The problem here is that if you distribute that binary in the middle of untainted source, piracy-minded folks will just strip it out of your package and use the rest of your source code. So maybe you have to hide your main method or close off one feature that it’s inconvenient not to have, thus making it inconvenient to pirate your software.

(A nasty/fun hack one could try as an alternative to this would be to program the product-key-requirement code in Whitespace or something. Crackers, on the whole, wouldn’t be smart enough to catch on.)

[Edit: A note on product keys. I object to product keys and licensing that say you can only run the program on one machine. I think the legal qualifier should be that you’re licensing the program to one person, not one computer, and deal with licensing for institutions like schools and businesses separately (this, I think, is how the current model came about). Licensing to a person is pretty painless on both sides. Having a user sign into an account which includes their billing data in order to access their program seems pretty effective; at most you get them sharing with close friends and family, which helps (marketing) more than it hurts.]

I think a lot of big corporations would object to this idea, though. They’d be worried about their competitors accessing their code and copying it. Indeed, I’d start off being nervous about putting tinypapers out there like that, at least right now.

The trick is that you have to have a brand and a following first. You have to be recognizable. Furthermore, your users have to like and be loyal to you. If someone else stole Photoshop’s code, even if they had no patents, people would probably recognize that it was stolen Photoshop code. However, a lot of hackers would go, “Hey, awesome, we don’t have to support Adobe.” Adobe has had a history of producing crummy, overpriced software–Flash and Dreamweaver certainly come to mind. Photoshop isn’t crummy, but it is overpriced.

Whereas if I were to establish a brand with tinypapers–make it well-known and recognizable–I’d be more likely to have a good relationship with my users. I can afford to listen to what they’re saying they want. I can afford to give them spectacular customer service. I can afford to start fixing a bug the hour they report it–perhaps even while they’re on the phone with me. I also don’t have a history of ripping them off, and don’t plan to sell my app for more than a dollar or two–more probably, though, I’d distribute a free version first with one line of simple text ads per page–and charge more for server space if/when that becomes a thing.

At that point in my business, assuming (hoping!) I get there, anyone trying to copy me would most likely be ignored, because my users by then would like me too much. The competitor also have to learn to use the tools I’m using, which not many people know how to do, so I have a head start. Because I’m young and not tied to a programming language, I don’t hesitate to learn a new framework like Kivy, even though it’s a steep learning curve.

There would be a trade-off to opening up my code: many companies would not want to buy tinypapers. But I think those would probably be miserable companies to work for, so maybe that’s a good thing. It also might make it harder to get investors. But if those investors care more that my code is open than whether users like my product, they’re probably dumb investors.

It’s tempting to open up my code on GitHub now. I really like the open-source development methodology, the community surrounding GitHub, and the version control software itself. It’s tempting to think that my repo wouldn’t be seen by much of an audience at first anyway. But I think, for prudence’s sake, I’ll hold off for now. It’s kind of a dumb idea to let potential competitors know that much about a larval startup.

I’d really like to hear your opinions on this, readers. Honestly, I’d especially like Paul Graham’s opinion, because he’s seen so much of the landscape I’m talking about and has good powers of analysis (and I’d like to see a more recent essay of his about it). I’ll try emailing him, but he’s probably really busy. Nevertheless, my habit of bugging people I admire hasn’t done me any disfavors yet. 😉

ESR, if you happen to be reading this, I’d really appreciate your comments too. You’ve probably heard a lot of discussion on this topic, and generated quite a bit of it yourself.

Edit: Other Thoughts

It was observed by ESR in “Cathedral and the Bazaar” that repositories which encourage others’ contributions to their code have fewer forked projects running from them; changes got incorporated into the main branch rather than spinning off into their own projects.

It occurs to me, then, that if a startup were to open up their code, there is a way to prevent certain competitors–the ones who are at least partially driven by wanting to make better software. A hacker may look at a commercial application, think, “I can do better than this,” and write his own, thus becoming a competitor. But if the application’s source is open, and the people running the business behind it aren’t territorial about their code, he can apply as a sort of temporary consultant for whatever feature he wanted to program in. Basically, he could program in the feature, and offer it to the company with an estimate of what he thinks it’s worth (maybe $50-$2000 if it’s somewhere from a little bug fix to a neat but not huge addition, or he could ask for stock if it’s particularly large). Then the company could accept or reject it, or negotiate price if necessary. Since they (hopefully) know their users better than J. Random Hacker does, their decision would probably be respected.

This would also solve the hiring problem many startups face! Anyone who provided a few good fixes or features like this would be a very promising candidate. And of course it would make the company’s software better, which is always excellent.

Big companies buy startups for their software (the basis of their market) and their people. Why can’t startups buy code chunks and job candidates?