No To “No Hacking” Clauses

Trying to ban clever hacks in an open source licence is not OK.


A correspondent asks about the Open Source Definition (OSD):

“Does OSD 6 mean I can’t include a clause in a new open source license that prohibits hacking?”

Yes, you are correct – that’s called a “field of use restriction” (FoU) and copyright licenses that contain field of use restrictions are not approved as open source. Open source licenses are for guaranteeing software freedom, nothing more or less.

OSD 6 says:

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

Here are three explanations why OSD 6 is a wise condition to apply to copyright licenses before OSI will approve them as open source licenses:

1. Irregular Verbs

Attempting to prohibit “hacking” is a great illustration of the first problem with FoU in licenses. The word refers to a clever and unorthodox approach to solving a problem, and it’s used widely both to talk about going good things and bad things. “Someone thought of a hack to get rid of that malware from your phone without a factory reset” is a great thing, while “someone hacked into your computer and stole all your bitcoins” is a bad thing. To “hack” is morally neutral; “hacking” is subjective.

Now, I’m sure you just meant things like the second example when you said you wanted to prohibit hacking. Imagine you managed to find a way to prohibit hacking and that stopped the someone whose hacks were making things better. While humanity has a high degree of agreement about what’s right and what’s wrong at the macro level, the devil is in the details. To borrow from Yes Minister, “to hack” is an irregular verb: I innovatively solve a problem, you hack, he violates the Computer Fraud & Abuse Act.

At the level of details there are plenty of cases you don’t think of, even without the problem of disagreeing about what’s good, what’s bad and what’s evil. Moreover, views change over time, and the meaning of language changes. Together, those make subjective restrictions a hostage to fortune.

2. Copyright Solutions For Copyright Problems

Secondly, copyright licenses are places to solve copyright problems. The world is being made worse by people trying to use them to fix business models (for example by tacking on bans on third party printer toner, or DRM locks on books) and trying to ban “hacking” is no better.

More specifically, the copyright problems you should be solving (and the patent problems being solved with patent licenses) are ones that guarantee software freedom. It has been said that open source licenses are the “constitutions of communities”. They are the multilateral agreements that guarantee the freedoms a group of developers and users need to protect each from each other. Since your project is highly unlikely to exist in isolation, you probably shouldn’t be writing a new open source license anyway.

More than that, illegal behaviour doesn’t need license terms to prohibit it as it’s already illegal! Can you imagine someone already facing jail time under the CFAA pausing because they are worried about infringing your copyright license? No, neither can I.

3. Permission In Advance

Thirdly, open source licenses should grant permission in advance and create confidence that the developer or user can proceed without seeking further approvals. That’s also the reason behind OSD 7:

The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

Adding any subjective restriction automatically creates doubt for developers, especially if they are corporate employees. They will need at a minimum to stop and ask their manager what the restriction means in their context, and that in turn is likely to be referred to a legal advisor. Even if the answer is “go ahead” the need to ask permission will be enough to chill use and stifle innovation.

The OSD tries to to prevent this and promote the granting of permission in advance to use, improve and share software for any purpose. Permission in advance is responsible for the whole open source phenomenon. So OSI won’t let you add a clause to a license that denies it. No matter how cleverly you word it.


(This Explainer was made possible by Patreon patrons. Please consider joining them!)