Hacker News new | comments | show | ask | jobs | submit login
Ask HN: Software licensing excluding military use?
59 points by atroyn on July 27, 2017 | hide | past | web | favorite | 71 comments
I have a piece of software in the robotics / computer vision domain I'll be open sourcing soon. I want to prevent any military from legally using it (I know that if they find it useful, they'll just use it anyway - that's not the point).

Does anyone know of a well behaved license that has this feature?

EDIT: I understand that restricting usage would make this not 'free as in speech' software, however I don't really mind.

Further clarification: I mean use by a military organisation for any purpose. If it makes it (somehow) into accounting software used for running military procurement/payroll or medical devices used in a military hospital, I also want that to be against the license.




What does "military use" even mean?

E.g. Armies operate hospitals for it wounded soldiers. Can your software be used in an army hospital?

E.g. What happens if private company ABC Inc. Is using your software, and then they are contracted by the military to perform work - is that allowed? You say you "want to prevent any military from legally using it" - who's using your software in this situation ... the military or private company ABC?

EDIT: and even if you figure out the exact language to restrict military use, how do you enforce it and what are the consequences of breaking it?

EDIT2: Linked below is an example to restrict military use. Note though, it's so broad reaching that it might scare away even non-military organizations for using your software. And it still doesn't address how you enforce such license. So there's lots of questions about the applicable of this example license. http://web.cs.ucdavis.edu/~rogaway/ocb/license2.pdf

EDIT3: the problem you are going to have is that you're breaking a fundamental principle of open source software. And that is that anyone can use your software so long as they do so based on your stipulations. What you want to do is restrict who can even use your software. Read the FAQ for "what is open source software". https://opensource.org/faq


> What happens if private company ABC Inc. Is using your software, and then they are contracted by the military to perform work

This would likely fall under normal contract negotiation due diligence. You don't accept a contract to use a piece of software that you aren't legally allowed to use on that contract. Violating that would be ABC Inc.'s problem (though it would obviously affect the contractee). Thus, the status of your various software licenses needs to be tracked.

I worked with a vendor that had issues like this. They would need to "firewall off" not only data but also employees who were working on or with data or software that could not legally be used on another contract. This extended to seating assignments in their cubicle farm, where some people could not sit near other people who were working on conflicting contracts. The onus of staying legally compliant was taken very seriously.


> E.g. Armies operate hospitals for it wounded soldiers. Can your software be used in an army hospital?

This is clear cut military use. I'm not sure why this is an example of ambiguity.

For private company it's up to their lawyers. I'm sure this is in part of why this is being done to make it harder for companies to support the military.

>how do you enforce it

This is addressed in the comment? Besides which internal company lawyers will enforce it and perhaps somewhere along the line it'll be so blatant somewhere a lawyer will take up the cause and get OP a lot of money.


> > E.g. Armies operate hospitals for it wounded soldiers. Can your software be used in an army hospital?

> This is clear cut military use. I'm not sure why this is an example of ambiguity.

But what if the hospital also treats sick civilians if they have capacity. Is it then allowed to use the software when treating civilians?


No, I would prefer that the license not allow it.


Then I will continue my socratic dialogue: We now have a civilian hospital that also treats soldiers if they have capacity. Should it be allowed to use the software when it treats a soldier?


Proprietary licences give you the most control. You as the licence holder would simply refuse to grant a licence to any party involved in matters you do not condone. You could add an EULA that explicitly states this, and have legal staff at hand to follow up on any misuse. This is a costly option though.

Free software licences are not an option. Forbidding specific use of your software goes against the intent of the commonly accepted free software licences — you would run afoul of freedom 0:

> The freedom to run the program as you wish, for any purpose¹

There probably exist other open source (but not free software) licences that do limit the audience, but you probably won't be able to enforce them, and they tend not to be taken seriously. You would on the other hand frustrate users outside of the military who want to legally use your software in ways normally permitted by free software licences — e.g., by reusing parts of it, forking it, combining it with other free software, etc.

Lastly, the absolute sure-fire way of preventing any military use of your software is not releasing it at all.

I don't think it's worth the hassle to add such a clause. If the point is not to actually prevent its use, but to make a statement, then make a statement on the project's homepage and in the documentation. It will have the same effect without resorting to weird software licences, and you can choose a well-known free software or merely open source licence.

1: https://en.wikipedia.org/wiki/The_Free_Software_Definition


The open source license doesn't have to discriminate if the author has 2 licenses from the start.

1) License one grants all open source rights to individual use.

2) Government and state-level entities require a commercial license to use it.

Just don't mention the military.

When the government requests a license, ask what it is ifor. If it's for hospitals or charity, give the license.

If it's for one more war waged for bankers, then tell them the license is 2 billion dollars.


> 1) License one grants all open source rights to individual use.

> 2) Government and state-level entities require a commercial license to use it.

"all open source rights" implies freedom 0: "The freedom to run the program as you wish, for any purpose".


Does OP require the license to be OSI approved?

Why can't he have his own license like Qt has? They have free version for individuals and paid version for commercial use.


> Why can't he have his own license like Qt has? They have free version for individuals and paid version for commercial use.

The free version of Qt can also be used for commercial purposes - otherwise this would violate freedom 0. The paid version is for people who prefer different license terms instead of the imposed open source terms.


He could make a non-free (i.e., violating the four free software freedoms), non-OSI approved open source licence that does this, but it wouldn't be as permissive as you would probably want it to be, and it wouldn't be compatible with licences that are.


IANAL, but I guess license one would still not be free software, and might still be incompatible with, say, the GPLv3. So you might still prevent non-military individuals from using your code.


David Crockford puts a "don't use this for evil" clause in the license for all software he releases, creating some interesting situations: https://www.youtube.com/watch?v=-hCimLnIsDA (2:44 and worth it)


Very interesting, and in more or less the vein I'm after.


Thank you for that!


As a former DoD contractor and someone who has spent the majority of his life around the US military [1], I have three points:

1) The majority of the DoD struggles to get permission to use open source software. There are plenty of developers, DBAs, and IT technicians who would love to use some piece of software that they are not allowed to use specifically because it is open source. I once spent 11 months trying to get approval to use a single Google-produced library. I was unsuccessful.

2) Related to the above, agencies responsible for approving software for use are very concerned with licensing issues. After all, they are used to negotiating licensing terms for multi-million dollar contracts. The fact that OSS essentially guarantees that you have no one to call [2] when you have an issue (for the entire lifespan of the project) is a large part of why they will not approve OSS. Beyond that, compliance is a real concern. Popular opinion may be of heartless assholes, but these are real people working jobs. I would not be so cavalier in saying "they'll just use it anyway".

3) I am always disappointed, though never surprised, when people assume that the military works solely to execute war. I was specifically contracted to a (large) part of the military that works on exactly the kind of thing that prevents and reduces violence (sorry to be vague). The kind of domain that would probably translate improved computer vision into saving lives (domestic, foreign, combatant, and civilian). That is, if they could get approval.

[1] I have no idea how other countries' militaries operate.

[2] Literally call. On a phone.


Thanks a lot for your insight! I'm glad the US military takes Software licensing seriously - this means spending time on this may actually be valuable.

I don't want to go in to my specific objections because they're not material here, but I appreciate that militaries don't only make war. That doesn't change my objective.


I wouldn't normally leave a reply like this, but I would like to say that your comment took me by surprise. In my personal community, I'm used to knee-jerk responses to the military that feel both hostile and uninformed. Your reply was neither and I want to thank you for that.

I can get a bit defensive about this sort of thing, but that's not an excuse for implying that you were being "cavalier". I apologize for doing so. You seem to be thinking carefully about what you want to do and how to go about doing it.

I sincerely appreciate that you are approaching your work and your words with thoughtfulness. Good luck with your project.


If you do find or use such a license, it's definitely not open source. According to the OSI, the only authority on what constitutes open source, open source license must not discriminate against fields of endeavour:

> 6. No Discrimination Against Fields of Endeavor

> The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

See the open source definition: https://opensource.org/osd

I would encourage you to use a normal open source license, like MIT, and to not worry about trying to control who uses the software for what.


Why should the open source philosophy trump any other moral objections?


According to RMS, adding usage restrictions to an open source lucense is not a very effective at stopping the software from being used for evil but is a huge headache for a FOSS ecosystem (because it adds to the number of subtly incompatible licenses that we need to work around)

https://www.gnu.org/philosophy/programs-must-not-limit-freed...


And I'll clarify, in today's world code has severe moral repercussions, especially in the fields of AI and vision. Why shouldn't we have more discussions over ways that we can add caveats and nuances to the licenses in order to distance our consciences from repercussions.


We should, but this isn't the right way to have the discussion IMO. As OP noted, this is impossible to enforce, so it's more symbolic than anything. Which is fine, but it comes with the cost that anyone in a company that observes OSS licenses will need to decide whether it's worth having legal sign off on it, even if they aren't involved with a military (since it doesn't fit under a pre-approved license). This applies not only to OP's code, but any code that uses it as well, so even if OP decides this cost is worth it other non-military users may avoid the code anyway.


Have all of the discussions about that you want, just don't pretend that what software you release is open source if it in reality is not.


> According to the OSI, the only authority on what constitutes open source

On what basis is there any authority? Just discriminate against a FoE, and call it OS anyway - are they going to sue?


> are they going to sue?

No, but projects insisting on OS won't use it, and every online discussion about it will derail into a discussion about calling things "Open Source" that don't fit the OSI criteria and the pro and cons of creating your own licenses ;)

Since OP explicitly mentioned "open sourcing" it I think it's a fair concern to point out.


True, but that only matters to the degree you care about that vs Military use.


The power to sue isn't the only form of authority worth considering. Many projects and groups consider OSI authoritative in what constitutes open source, including Debian, Ubuntu, Mozilla, the Apache foundation, the Creative Commons non-profit, RedHat, Google (at least when they hosted Google Code), and others. Personally, I'm glad that the OSI occupies this role, otherwise, the term "open source" would inevitably be diluted to mean gratis or even worse.


You can't discriminate against any fields of endeavor[0] if you wish for your software to be under any OSI approved open source license.

[0] https://opensource.org/osd-annotated


he/she actually can, if he/she chooses to... some licenses discriminate against people that don't have money for buying them, so there should be nothing unfair about this...


[deleted]


Actually, he did.


He said he would be 'open sourcing' it. To me this means, making the source available. I suspect OP doesn't care about strict definitions of what does and doesn't constitute open source..


> To me this means, making the source available.

"Shared source" is a notion which Microsoft termed to refer to make the source code available without the software being open source.

> https://en.wikipedia.org/wiki/Shared_source


>I want to prevent any military from legally using it (I know that if they find it useful, they'll just use it anyway - that's not the point).

So... you don't actually want to prevent any military from using it, you just want to virtue-signal?

I'm not even being sarcastic here; this distinction is pretty important to the license you choose and how you enforce it.


I do want to prevent the military from using it, but I am also aware that militaries frequently do illegal things, and I don't have the resources to take them to task over it.

I am a signatory to the autonomous weapons non-proliferation petition from the future-of-life institute: https://futureoflife.org/open-letter-autonomous-weapons/

I am hoping that by including a non-military-use clause, if I ever do have the resources to fight military use of my software, I will be able to do so.


PETA helped develop the Harm-Less Permissive License (HPL) which I have used in the past. You may have to dig for it. It explicitly prohibits causing harm to humans and animals, which may serve your purposes. You may also want to think about prohibiting surveillance as well. Good luck!

Edit: found it!: https://4zm.org/files/2010/HPL/index.html


Thanks! This might be a good starting point.


No. However, there's nothing preventing you from taking the BSD license and adding a fourth clause:

4. This software cannot be used for military purposes under this license. You must negotiate for a license from the original author, AUTHOR NAME.


There is also nothing preventing you from rolling your own crypto. It doesn't mean you should do it. Actually in both cases, you should not, for pretty much the same reasons: if you have no idea about what you are doing, it is likely you are doing it wrong, with bad consequences looming.


Couldn't you ad another clause to any license?


I guess that would become harder the longer the license gets.

Say you wanted to add a clause to the apache license (AL2) or GPLv3 - Then you would also have to make sure that your new clause does not contradict anything in the rest of the license.

Edit: And that clause would probably prevent even others who are not in the military from using your code. Just because there's a chance your license is incompatible with the GPL.


Very much this.

The longer the license, the more likely it is that you have not understood the effects.

The simplest license is abandonment to the public domain; that won't work. You need something that establishes that you are the original author (so that you own the rights) and that you are offering certain specific rights to most people (now it's open source, though not Open Source) and that keeps the same restrictions for people making derivative works -- and now you have the BSD 3-clause.

So that's the simplest license which can possibly work for the OP's purposes.


Some projects have added a "no military use" clause to the GPL [1] to do this.

https://www.linux.com/news/open-source-project-adds-no-milit...


I wonder what Stallman and the EFF had to say about that. I thought they were against modifying the license in that fashion.

EDIT: oops, they actually asked him later in the article.


Thanks!


There are lots problem with this kind of terms:

- What kind of use is to considered military? Dual use goods? Software running on some computer in a military department that is used for "civil purposes" (think of some accounting software in the accounting department)? Projects that are also financed by some military pot of money (lots of civil research e.g. in the USA is financed by DARPA)? Consider that the precursor of the internet (ARPAnet) belongs to this category. Civil defense systems that are not owned/built by the military but by private security companies?

- If OSS people would tolerate such a restriction, the next people will come and also want to add restrictions to the usage of their software. At the beginning these will even serve noble purposes, but the time will come when people will use this kind of restructions to build their political agenda, such as

* must not be used for military purposes

* must not be used for animal experiments

* must not be used to produce hate speech

* must not be used for misogynistic purposes

* must not be used for homophobic purposes

* must only used by white people

* must not be used on Intel processors

* must only be used on RISC-V processors

* must only be used by citizens of democratic states

* only for noncommercial purposes

* only for research purposes

etc. So it is accepted practise in FOSS communities not to consider usage restrictions as acceptable.


Sure but it is also part of the author's own freedom to choose what his software is used for.

A lot has been talked about the restrictions of open source.

If I want my program used for things I agree with only I should have that right. If OSI says my license isn't good, then I'll be proud to have a non-conforming license.


You have the right to do what you want with your copyrighted intellectual property. Nobody disputes that. Just don't call whatever you want "open source" when it isn't.


> If I want my program used for things I agree with only I should have that right. If OSI says my license isn't good, then I'll be proud to have a non-conforming license.

The OP talked of "open sourcing". This implies that his software will satisfy freedom 0 - which is not possible with a military use restriction.

EDIT: If he just meant "releasing the source code" he would surely have used this wording.


StackExchange discussion of the more general case: https://softwareengineering.stackexchange.com/questions/3193...

Interesting related historical item (java used to disallow usage in nuclear power facilities): https://www.quora.com/The-license-agreement-of-Java-says-You...

Neither really addresses an important point made by user venning here--that simply writing any license that makes it more complicated for someone to get approval to use your software will actually work, in cases where the "someone" is part of an organized operation that generally operates according to standard processes. But RMS (paraphrased and linked in the SE article) has thoughts on how that may not apply in many states.



Be careful, some people like the FSF and Debian won't like it:

https://news.ycombinator.com/item?id=4762035

https://wiki.debian.org/qa.debian.org/jsonevil

Personally, I applaud it and I would live with these consequences, but be aware of these consequences.


I used to! Please see my old comment here: https://news.ycombinator.com/item?id=5506623#5507187

I took the repo down shortly after, and can't seem to find the original :(

I'll keep looking...


While I "like" the idea, I think it's a lot like DRM.

It will prevent law abiding persons (natural/legal) to use your software and make their experience with it worse, while not blocking anyone who'd really want to use it.


Some old software had BSD license with clause 'do not use for evil'. It was useless for corporate use. 'Evil' has different meaning for each individual and is impossible to define.


This was the case for JSON and JSLint, with a clause of "This Software shall be used for Good, not Evil". Famously, IBM requested (and got) an exception from this.


Yep, the exception was in the form of:

“I give permission for IBM, its customers, partners, and minions, to use JSLint for evil.”

IBM's response:

“Thanks very much, Douglas!”


Just in case anyone else hadn't heard of that and wants to look it up:

https://news.ycombinator.com/item?id=5138866


jslint famously had such a clause and caused problems for lots of FLOSS distros like Debian. Please don't include such a clause, it only punishes careful people.


I have the same problem, but I want to exclude its use in the domains of advertisement and user tracking, as well as military.


What if military organizations are doing something that isn't really "military" in the normal sense?

e.g. The RAF used to run search and rescue helicopters in the UK until a couple of years ago - my wife was rescued by them after a climbing accident in Glencoe.


That would be being used by the 'military'and not allowed, seems pretty clear cut to me?


Probably you can get some inspiration here: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm




I'm seeing a lot of people throwing around "definitions" and "authorities" of what constitutes free or open source software in here. I disagree with them. You are ethically in the right to want to keep your work from being used in such a way. I don't know of any licence that as this provision in a legally enforceable way, but I hope you find it. I really like the thought,


> You are ethically in the right to want to keep your work from being used in such a way.

But then it is not open source or free software anymore - since this violates freedom 0.


Not doable. Not for the ones protecting your country much much less for the ones planning an attack to it.


be constructive, and save us all the fluff and drama next time please...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: