Structuring the FLOW of Responsibility

Learning Outcomes: Participants will advance their understanding of conceptual and operational perspectives on a diversity of agreement types associated with the distribution of intellectual resources. Operational methods such as licensing, contributor agreements, employment contract clauses and compliance verification solutions are framed in relation to the new ISO 19600 Guidelines on Compliance Management Systems.  All of this is first grounded in a bedrock theory of responsibility.

Conceptual Foundations of Responsibility

Theory of Responsibility

• Responsibility (Internet Encyclopedia of Philosophy) http://www.iep.utm.edu/responsi/
• A Bibliography on Responsibility http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=3868&context=lcp
• Whodunnit?
  • Excerpt from Hart, H.L.A. 1949. The Ascription of Responsibility. Proceedings of The Aristotlean Society.
  • Hart's Critics on Defeasible Concepts and Ascriptivism http://www1.cse.wustl.edu/~loui/ail2.pdf
• The Principle of Subsidiarity (in the context of nested hierarchies)
• Chain of Responsibility
  • In a non-IT context (freight transportation) https://www.nhvr.gov.au/safety-accreditation-compliance/chain-of-responsibility
  • In an IT context (GPLv2 violation) http://opensource.com/law/13/7/fantec-german-foss-compliance
    —  Regional Court Hamburg judgement against FANTEC http://gpl-violations.org/news/20130626-fantec_judgement.html
• Create a Culture of Responsibility http://www.inc.com/peter-economy/create-culture-of-responsibility.html

Management of Responsibility

A Documentation Specification: Software Package Data Exchange (SPDX)

• Licensing and Packaging FOSS with SPDX (Video) https://fosdem.org/2014/schedule/event/spdx/
• Software Package Data Exchange (SPDX) http://spdx.org/
• SPDX Vocabulary Specification http://spdx.org/rdf/terms
• A Common Software Package Data Exchange http://www.linuxfoundation.org/sites/main/files/publications/lf_foss_compliance_spdx.pdf

A Compliance Management Process: ISO 19600

Note: An adaptation of ISO 19600 to FLOW development methodology remains to be described. References in this section are, at present, only based on the generic compliance management system guideline.

• Development of an ISO Standard on compliance management http://www.nen.nl/web/file?uuid=ee11eb45-59bb-41e5-805c-464ad42cfb98&owner=ea37f954-bd1b-41bd-bbf5-df167fd313d8
• Foreword & Introduction to ISO 19600 (Excerpt): http://infostore.saiglobal.com/store/PreviewDoc.aspx?saleItemID=2672998
• Development of a Global Standard on Compliance Management http://www.esv.info/download/zeitschriften/BUCO/leseprobe_2.pdf
• ISO 19600 Compliance Management Systems: Guidelines (Note: ISO documents are not Free/Libre/Open) http://www.iso.org/iso/home/store/catalogue_tc/catalogue_tc_browse.htm?commid=4395782
• ANSI 2013 Refresher Counse on "Changes to the ISO Directives" http://www.standardslearn.org/Presentations/ISODirectivesUpdates2013/2013-ISO-Refresher-Course.pdf
• Questioning Copyrights in Standards http://www.law.berkeley.edu/faculty/profiles/facultyPubsPDF.php?facID=346&pubID=169
• Visualizing the Reduction of Uncertainty and Management of Risk with Time/Effort Invested in Compliance Management

Management of Intellectual Provenance (IP) Responsibilities

• Intellectual Provenance
• W3C PROV Family of Documents
  — An Overview of the PROV Family of Documents: W3C Working Group Note http://www.w3.org/TR/prov-overview/
  — A Free/Libre/Open Source Implementation of W3C-PROV in Taverna Workflow Management System http://www.taverna.org.uk/documentation/taverna-2-x/provenance/

• Operational Aspects of Intellectual Provenance Management (DRM)
  • Management Methods and Processes
    — Electronic Discovery in Canada: Best Practices and Guidelines http://www.cch.ca/_resources/pdf/ebook/b109.pdf 
  • Open Digital Rights Language (ODRL)
    — Resource Description Framework (RDF) http://www.w3.org/RDF/
    — ODRL Community Group http://www.w3.org/community/odrl/
    — Describing Copyright in RDF http://creativecommons.org/ns#
    — Introducing RDF for GNU Licenses http://www.fsf.org/blogs/licensing/2009-06-rdf  See: http://www.gnu.org/licenses/gpl-3.0.rdf
  • eXtensible Rights Markup Language (XrML)
    — A Formal Foundation for XrML http://www.cs.cornell.edu/home/halpern/papers/xrml.pdf
    — XrML Reference Implementation:
    — MPEG-21 Rights Expression Language http://mpeg.chiariglione.org/standards/mpeg-21/rights-expression-language
    — MPEG-21 Rights Data Dictionary http://mpeg.chiariglione.org/standards/mpeg-21/rights-data-dictionary

• Discussion: A company, foundation or project community benefits in several ways when it puts in place an Intellectual Provenance (IP) compliance management process aligned with the ISO 19600 Guidelines:
  • The effort demonstrates tangible "due diligence" in any potential litigation process;
  • This makes it much easier, faster (and thus less expensive) for your lawyers to help you in the event of litigation;
  • Multiple parties can more easily adopt a shared compliance management process:
    • Different organizations involved in commons-based peer production;
    • Different sections/departments within an organization.
  • Sustainable innovation is enhanced with responsible risk management, since team-members know what is in and what is out of bounds.

Licensing: The Delegation Responsibility

The Main Currents of FLOW Licensing

"Similarities; Differences; Choices; Trends; Linkages to Other Types of Agreements"

• "License Haiku" http://www.aaronsw.com/weblog/000360
  • A Spectrum of FLOW Licenses
  • License Proliferation http://www.rosenlaw.com/pdf-files/LicenseProliferation.pdf 
  • Google says no to license proliferation (3-part series) http://www.zdnet.com/blog/burnette/google-says-no-to-license-proliferation/192
  • List of Licensing Tools http://wiki.opensource.org/bin/view/Projects/List__of__Licensing__Tools
    
  • Telekom Open Source License Compendium http://dtag-dbu.github.io/oslic/releases/oslic-0.98.1.pdf  (About: http://dtag-dbu.github.io/oslic/ )
  • Comparing Free/Libre/Open Licenses http://www.tldrlegal.com/browse
  • Schematic representation of license directionality http://www.ploscompbiol.org/article/info%3Adoi%2F10.1371%2Fjournal.pcbi.1002598
  • Five Permissive Licenses Side-by-Side 
  • Apache License v2.0 and GPL Compatibility http://www.apache.org/licenses/GPL-compatibility.html
    — A patent license that is GPL compatible: Firestar Software v. Redhat http://www.redhat.com/f/pdf/blog/patent_settlement_agreement.pdf
    — Explanation of the Firestar Software v. Redhat Settlement http://www.groklaw.net/articlebasic.php?story=20080715054748526
  • CC BY-SA 4.0 now one-way compatible with GPLv3 https://creativecommons.org/weblog/entry/46186
  • Can Mozilla Unify Open Source? http://www.computerworlduk.com/blogs/simon-says/can-mozilla-unify-open-source-3569569/
  • A Guide to the Legal Documentation for Eclipse-Based Content http://www.eclipse.org/legal/guidetolegaldoc.php
    — The Eclipse Legal Process www.eclipse.org/legal/EclipseLegalProcessPoster.pdf
  • Choosing a Software License (In: A Quick Guide to Software Licensing for the Scientist-Programmer) Scroll half-way down in: http://www.ploscompbiol.org/article/info%3Adoi%2F10.1371%2Fjournal.pcbi.1002598
  • FOSS Licensing http://en.wikibooks.org/wiki/FOSS_Licensing
  • A Legal Issues Primer for Open Source and Free Software Projects http://www.softwarefreedom.org/resources/2008/foss-primer.html
  • Why the Public Domain Isn't a License http://www.linuxjournal.com/article/6225

Dual/Multi Licensing Options (for individual commits and for whole projects)

• Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers http://www.softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html
• Challenges with Hybrid Protection Models http://www.iprinfo.com/julkaisut/verkkojulkaisut/ipr-series-b/fi_FI/proprietary-softvare-vs-foss-b4-ballardini/_files/88735925433140131/default/B4_Ballardini.pdf
• Understanding GPL Exceptions
  — Sample License Notices http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
  — On Selling Exceptions to the GNU GPL http://www.fsf.org/blogs/rms/selling-exceptions
  — GCC Runtime Library Exception http://gcc.gnu.org/onlinedocs/libstdc____/manual/license.html

The FLOW Subscription Model

• Open Source Procurement: Subscriptions http://blogs.computerworlduk.com/simon-says/2011/03/open-source-procurement-subscriptions/index.htm
• Open Source Business Innovation and the Subscription Model http://stephesblog.blogs.com/my_weblog/2007/08/open-source-bus.html
• Why Subscriptions? http://www.redhat.com/about/whoisredhat/subscriptions.html
• Open source procurement: Indemnity http://opensource.com/law/11/2/open-source-procurement-indemnity
• Indemnification Parameters. In: Open Source Software Issues in Commercial Transactions http://about.bloomberglaw.com/practitioner-contributions/open-source-software-issues/
• Google Glass: Something like a Subscription

License Compliance Verification

Policies and Approaches for License Compliance Verification

• Compliance Guides from The Linux Foundation http://www.linuxfoundation.org/publications/compliance
• The (Telekom) Open Source Compliance Advisor http://opensource.telekom.net/oscad/
• The Open Source License Compendium Manifesto http://dtag-dbu.github.io/oslic/
• Useful Compliance Tips For Vendors http://fsfe.org/projects/ftf/useful-tips-for-vendors
• A Practical Guide to GPL Compliance http://www.softwarefreedom.org/resources/2008/compliance-guide.html
• Common Mistakes in GPL License Compliance ?http://gpl-violations.org/faq/vendor-faq.html
• GPL Software Certification Program http://www.fsf.org/licensing/compliancelab.html
• Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers http://softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html
• Reporting and Fixing License Violations http://fsfe.org/projects/ftf/reporting-fixing-violations
• IT Policy Compliance for Dummies http://www.qualys.com/forms/ebook/it-policy-compliance-for-dummies/

Technical Analysis of FLOW License Compliance Verification

All of the solutions listed below are themselves provided under FLOW licenses. 

Binary Analysis Tool: The Binary Analysis Tool (BAT) is a modular framework that uses the same approach applied by gpl-violations.org to discover issues in consumer electronics. It can open many types of firmware, detect Linux and BusyBox issues, and report outcomes in XML format. It also features knowledge-base support to allow high fidelity customization for advanced users. BAT is available for free under the Apache license so that everyone can use, study, share and improve it. The project frequently adds new features.
Website: http://www.binaryanalysis.org

Code Janitor Tool: The Code Janitor is a tool released by the Linux Foundation that helps to search source code to make sure that developers did not leave comments that might reveal future products, product code names or discuss competitors and their products. It maintains a database of keywords to scan for, and can be customized as necessary. It is available without charge. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools

Dependency Checker Tool: The Dependency Checker is a tool released by the Linux Foundation that helps identify source code combinations that will lead to dynamic and static linking, and in the context of a license policy framework can create a list of items that need to be flagged before products are released. Website: http://www.linuxfoundation.org/programs/legal/compliance/tools

FOSSology: FOSSology started as an internal project at HP to support governance processes. It is a tool that analyses all the files in a project and reports on the licenses used, basing its results on license declarations and tell-tale phrases. It also has the ability to scan for copyright notices, email addresses and URLs, allowing users to create custom reports. The project is hosted by the Linux Foundation, is available as Free Software, and is maintained in both English and German by developers from HP and other organizations. Website: http://fossology.org

Ninka: Ninka is a lightweight license identification tool for source code. It is sentence-based, and provides a simple way to identify open source licenses in a source code file. It is capable of identifying several dozen different licenses (and their variations). It has been designed to be lightweight, fast and to avoid making errors. It is available under a Free Software license. Website: http://ninka.turingmachine.org

CORAS: Model-Driven Risk Analysis (CORAS Integration Platform, licensed LGPLv2)
http://heim.ifi.uio.no/~ketils/kst/Others/021008.platform-poster.pdf

FLOW Contributor Agreements

• Project Harmony: Contributor agreements for free and open source software http://www.harmonyagreements.org/
• The trouble with Harmony http://opensource.com/law/11/7/trouble-harmony-part-1 and http://opensource.com/law/11/7/trouble-harmony-part-2
• OpenStack Project Individual Contributor License Agreement https://review.openstack.org/static/cla.html and OpenStack: How To Contribute https://wiki.openstack.org/wiki/How_To_Contribute
• NDA Program Confidential Disclosure Agreement for Contributors, The Linux Foundation http://www.linuxfoundation.org/images/2/2e/NDA_contributors.pdf
• Linux Foundation's Generic Open Source Review Board Contribution Form http://www.linuxfoundation.org/publications/compliance/generic-osrb-contribution-form
• LLVM Developer Policy http://llvm.org/docs/DeveloperPolicy.html
  — LLVM comments on "Copyright, License, and Patents" http://llvm.org/docs/DeveloperPolicy.html#copyright-license-patents
  — University of Illinois/NCSA Open Source License http://opensource.org/licenses/UoI-NCSA.php
  — FSF Comments on the University of Illinois/NCSA Open Source License http://www.gnu.org/licenses/license-list.html#NCSA
  — FSF Comments on the Modified (3-clause) BSD License http://www.gnu.org/licenses/license-list.html#ModifiedBSD

FLOW in Employment Contracts

• Who Owns Copyright at Work? http://zvulony.ca/2010/articles/intellectual-property-law/copyright-law/copyright-at-work/
• Who Owns the Intellectual Property: The Employee or the Employer? http://www.lmlaw.ca/who_owns.pdf
• Sign on the Dotted Line: NDAs and Free and Open Source Software http://faif.us/cast/2011/apr/12/0x0D/ (See slide deck at http://faif.us/cast-media/FaiF_0x0D_NDAs.odp )
• Contracts for people to work on Open Source Software http://andrew.mcmillan.net.nz/foss_friendly_employment_contracts
• Beware Employment Contracts http://developers.slashdot.org/story/02/03/21/0139244/beware-employment-contracts?sdsrc=rel