Copilot was made from stealing code on Github, ignoring the licenses set on repos such as e.g GPLv2, using AI as a trick to license-launder code.
Copilot has announced their plans to become a paid service.
So this product that would not be possible without public, open-source code will itself be non-public, closed-source, closed-data. It is extracting value from the commons and funneling it to a private company.
The following is just my opinion, and I'm not that hard-set in case anyone has any nice arguments.
Generally, when you (for example) use GANs to learn from (copyrighted) images and generate new images, I see no reason why those new images should inherit any copyrights from the original image if the resulting images look sufficiently different. (Obviously, if you just train on 1000 images of Mickey Mouse, you'll get mostly Mickey Mouse, and you wouldn't get the copyright.)
Humans work the same way -- artists train on existing images or subjects/etc., and unless they produce something that looks similar to an existing image, they get the copyright.
In other words, I don't think training on copyrighted code violates copyright (UNLESS the license explicitly disallows that; maybe there will be licenses for that soon). However, if generated code is too similar to existing code, then that could be a copyright violation. In other words, the user is responsible to make sure they aren't violating any copyrights from their usage of Copilot. It may be useful to build plagiarism checkers for this purpose. (Or maybe they already exist.)
If you use Copilot, I recommend keeping track of things that were generated automatically, just so you can go back to change those components if necessary.
Out of the replies I got so far, I liked this one best. Unfortunately the story is off the front page already, so I doubt there will be much more discussion.
In my view, artists work the same way. If you ask them to draw Mickey Mouse, they (maybe) will. It wouldn't be fair to say that they are infringing on Disney's copyright by storing images of Mickey Mouse in their brain. But their version of Mickey Mouse won't be copyrightable (unless they add parody/significant creativity etc.).
If we perform an _exact_ simulation of a human brain such that it believes it is a human, how will copyright law work? (Maybe it will own the copyright and turning the simulation off would be robocide. Okay, enough sci-fi.) If we remove consciousness and all that from the simulation, will the copyright go to its creator?
I saw in a couple other comments saying that machine learning is "just an algorithm"... But is machine learning sufficiently different from the way some parts of the human brain work to warrant being held to different standards?
My opinion is that it's reasonably similar and should have the same privileges that humans enjoy -- learning from whatever's in sight that is not explicitly marked as "for authorized personnel only".
Thanks for the answer, but here is a bit difference though in our understanding of law, I think if I draw Mickey Mouse now, it is derivative work. Disney can sue me. I think there should be some reasonable difference like trademark cases, people will not see it as Mickey Mouse.
But I think eventually we are at level of what is the minimum required duplicate to define something as duplicate. (I think this is more of a problem of music, similar songs etc)
I think main problem is we are not yet there (exact simulation of human brain), we are more like 'convince people to you are exact simulation of brain' stage.
Also another problem here is 'self trained/directed' vs 'trained/directed by someone'. Imagine I have a human artist (never seen Mickey Mouse), and in front of me some Mickey Mouse art, if I am giving directions to draw a mouse, then saying make in cartoon style, then saying make ears bigger, etc. Till I get the Mickey Mouse reasonably similar, even maybe exactly to the pixel in front of me, is it copyright violation, I wouldn't maybe 100% yes, but I am very closer to that.
I think the catch is, a human is considered a creative being, as in it can create new content which consequently is copyrighted to that human.
An AI cannot - at least so far - not create create genuinely new content and also cannot assume copyright.
If the copilot would have been trained on open source software e.g. to discover bugs, bad code style, or other things "learned" by analyzing existing code and using the results of this analysis as a metric for judging code, it wouldn't be a copyright problem. But creating new code based on what it "learned" is a much more difficult field, especially, if it is "quoting" so literally.
> I don't think training on copyrighted code violates copyright
It might not be illegal, but for a lot of us it feels unethical. IMO licenses should list what they allow versus what they forbid. In other words, if something isn’t explicitly allowed it should be assumed to be forbidden.
We need similar protections for personal data too. Tech companies have gotten too used to ingesting data and profiting from it without asking for consent. I’m willing to bet that had GitHub asked repo owners whether GH could use their work to train a new product, most would have said no, much like what happened when Apple asked iOS users if they were ok with Facebook tracking them.
> In other words, I don't think training on copyrighted code violates copyright (UNLESS the license explicitly disallows that; maybe there will be licenses for that soon).
A new license saying "this license does not permit use in training an AI" won't have any effect, because the claim by the trainers is that they don't need to license the work in the first place. Unfortunately this is likely to be something that's only settled ad hoc in court.
Welcome to software engineering, where engineers have extremely strong and fixed opinions about all sorts of fields that are completely disconnected from software engineering.
«A derivative work is based on a work that has already been copyrighted. The new work arises—or derives—from the previous work.
If you own the copyright to a work, you need to be aware that you also have rights to derivative works. If you're considering incorporating someone else's work into your new work, you need to be aware that you may be violating the copyright to the original work.»
Regardless of the nuances of that point, GitHub copilot violates copyright because the content it was trained on still lives in it, and you can get it to spit it out verbatim.
If I were a master artist, my existence wouldn’t violate copyright, but I would certainly be violating it every time I chose to reproduce a copyrighted work for a client.
So this product that would not be possible without public, open-source code will itself be non-public, closed-source, closed-data. It is extracting value from the commons and funneling it to a private company.
This is just business as usual for tech companies though. How many Silicon Valley businesses built their products on top of open source projects without contributing much back? Heck.. how many YC companies do that? When you see vital open source projects like OpenSSL struggling to raise more than a few tens of thousands in donations (it only continues through OSF contracting work), and libraries like Svelte barely clearing $30k, when you know they're used by Apple, Google, Facebook, Microsoft, etc you can't be that surprised when companies do the same thing on a larger scale.
The entire tech industry and all the multi-trillion and multi-billion dollar unicorn businesses that have billionaire founders and millionaire developers working at them fall under the description of "would not be possible without public, open-source code" and "will itself be non-public, closed-source, closed-data."
We can't reasonably claim there's anything wrong with a company building a product on the back of open source work when literally all of us do that as well. The only difference with Copilot is scale.
> We can't reasonably claim there's anything wrong with a company building a product on the back of open source work when literally all of us do that as well.
We cannot (are not allowed to, by law, contracts etc.) open source everything we write. I think the most important contribution is not funding but to contribute in some way or another for most.
Having said that, it is disheartening that important projects lack even basic funding. Is this getting better? There are also success stories that pop up with funding and donations becoming easier.
For companies open source funding can be a major thing to improve their relationship with the wider software community. It is a signal that they are interested in sustainability of software and collaboration. And it is a form of recognition for the authors.
Edit:
I just realized we are talking about GitHub here. They are a major contributor to open and free software as they provide free hosting and tooling. I'm not saying this absolves them of everything they do with Copilot, but I'm very, very happy to have such an amazing service freely available and many others are too.
GitHub isn't good for Open Source in my opinion. Debian is right to use their own GitLab instance. Lots of things seem good in the short term and are bad in the long term.
Edit: I don't really know what things would be like without GitHub. Same with YouTube and Facebook. I don't assume any of these have a net positive impact, though.
No part of any open source license says I have to like companies that extract billions in value from open source projects without contributing back to the project. My opinion is simply that once you get to a few million in revenue putting a few thousand back in to the code that got you there is a decent thing to do, and if you don't then you're not very nice.
The fact that the license allows you to do this is great; the fact that people actually do is not.
GPL asks to release back changes to code made by a company, for which the company paid already, i.e. it's almost zero price for the company, and just look how much companies are afraid to donate zero ($0) worth of code back to the opensource project and prefer to pirate it instead, including such mega-rich companies as M$.
There's a difference between building a product using open source and not contributing back, and copying licensed code into your own codebase. One is rude and the other is straight up illegal.
The code doesn't exist in Copilot. The instructions for how to recreate the code does. On a very pedantic level those are not the same, but it probably is enough to argue that the product is 100% legal.
I don't think there's any water in that argument at a fundamental level. By that logic you could encode copyrighted information in any reversible format and it would be OK.
If I copy the code line by line with my eyes and keyboard, then the code briefly doesn't exist, but the instructions to recreate it do. Copying it is then a two-phase process: first I read the code, then I type it in. It is clear that I'm allowed to look at the code, so it's the action of typing it in that violates copyright. In the same way, distributing Copilot doesn't necessarily break copyright, but using it may.
I don't think people should look at this based on current law, but what is right.
Copyright was established (much) after the printing press made copying so easy.
We now need protection against machine learning (learnright?) because the only way to not work for Microsoft for free now is to not release your source code... so not open source. Remember when people said that Microsoft changed its mind on open source?
Yes. Models are much much smaller than compressed training sets, making it very clear that they are doing more than just compressing the entire training set.
Copilot generally (excepting rare cases where it produces snippets verbatim) does not steal code. The GPL restricts distribution, not usage. And (to my knowledge) no open-source license restricts learning from code. I cannot see anyone who doesn't want others to learn from their code ever release code as open-source.
I as an open source author absolutely do not want Microsoft to get richer from using my code, code that I contributed or published for the benefits of other developers.
They took my work, removed my name and trained an advanced pattern matching technique to try to make code like mine and then sell it. It’s so obviously ethically questionable it’s insane.
Developers are absolutely pissed about this, and rightfully so.
Not even copyleft licenses prohibit somebody from earning money from what you released, and that includes Microsoft. The idea behind free software is that it benefits all users equally, even if other developers get the biggest direct benefit.
The best question to ask yourself is if you would be annoyed as much if a company like Black Duck did a similar training or analysis with their OpenHub (openhub.net)?
I think one could even make a case for training an AI in this manner from the leaked Windows code: copyright law treats these generally as "fair use", though how you gained the copy of the code might still be illegal.
You need to comply with license first before you can use it to defense your position.
Copilot doesn't comply with opensource licenses, so authors of Copilot lost the right to use opensource licensed code permanently, until they settle the case with authors of the code.
Dual licensing with a copyleft license is common if you want to offer an ability for someone to develop a closed-source project: they can perfectly develop a GPL-licensed commercial project without paying anything.
If CC-BY-NC prohibits commercial use, it is not an open source or free software license (which have compatible definitions, but differ in motivations).
AFAIK, Creative Commons was set to create a set of licenses in the spirit of open source for creative works, and I wouldn't expect them to be open source at all.
Screwing over the little guy because he didn’t spend enough time contemplating possible legal troubles with his OS software seems, again, ethically dubious at best.
I wonder if they could generate the correct license to code copilot produces, and maybe even infer the preferred one from repo and generate code that is restricted to that?
The license for my software was written in a world where AI was not being used to replace me with my own code. Whatever license was chosen, was chosen to deal with the questions and issues known at the time.
It’s such a BS argument to say “your license didn’t anticipate the future, it’s your fault.” No, that’s not how law works.
Furthermore, law is not ethics. I said it’s ethically questionable because that’s what matters. Not if a court will find Microsoft guilty of some kind of overreach.
Anybody with even passing knowledge of law knows this, so please, stuff it somewhere.
The GPL very much restrict derivative works. It's the whole point of the GPL. "Usage" in the context of the GPL does not have the meaning you are using.
It is way more nuanced than that. For example if you never redistribute your work that was a fork from GPL code, then GPL states it's ok to never give back the source.
What we both said is compatible and consistent. The derived work is restricted by the GPL's provisions. Those restrictions just don't require you to distribute the source on demand unless and until you distribute derivative works to other users.
I'm open to new perspectives. But here's where I stand so far.
If I learn programming from a book that is copyrighted and use a small snippet (for example, how to do a particular kind of sort) from it in my own program, am I violating a copyright?
Read the book copyright statement and license. Some books have separate license for examples.
However, if you copy an example from a book into a code, then very often it's fair use, but if you copy the same example from a book into your own book, then very often it's a copyright infringement, unless explicitly allowed by the book license.
Turning the free contributions of an enthusiastic community and turning it into private, closed source wealth is a bit of a Microsoft tradition. Arguably Bill Gates did exactly the same thing with Microsoft; it was picked by IBM specifically because the community recommended it, a community despised by Gates who thought they were “stealing” from him.
Using the word “extract” seems misleading to me. It has connotations of removing something, or exploiting scarcity. When we extract water from the Earth, there is less there for others to use. But in this case nothing is being removed from the code they trained on. I don’t mean to have the argument devolve into mere semantics, but I really think the use of that word demonstrates an assumption about the issue: people are perceiving a loss to the folks whose code was trained upon.
IMO any place where Copilot is mentioned is a relevant place to put this. I don't know how anyone working in software can just turn a blind eye to shit like this. Anyone who uses Copilot is implicitly endorsing this theft.
We have a duty as practitioners in the industry to call it out when we see something wrong. If even devs aren't calling bullshit on Copilot, the media won't care, courts won't care, and it will be declared legal, and future theft will be normalized.
Its ridiculous how we all see the big tech companies doing various kinds of terrible shit and then the next new shiny thing comes along and everyone forgets all about it? Are you goldfish? What will it take to get someone to actually give a shit and stop supporting this kind of product/behavior?
> Anyone who uses Copilot is implicitly endorsing this theft.
Just like you're endorsing being sponsored and effectively stealing GitHub's bandwith? :)
> We have a duty as practitioners in the industry to call it out when we see something wrong.
It's wrong both ways. You accepted the service from GitHub, the free one where you get to open your account, host your code, share it etc.
What exactly did you expect? To be served for free for your entire lifetime?
Please, get off the moral highground. You ate the devil fruit, now you're whining about it. You should be smart enough to know that this kind of whining will get you nowhere. Just quit.
Basically you are saying any product thats free should be able to break the law arbitrarily? Google can decide to post your all email online, your location history for all time, your photos and you would be ok with that because its free? The undoubtedly free DNS server you use can leak all your requests too? You're ok with that?
Yes its free, no they did not tell me or ask for my permission before using the code in this way. Free does not give them the right to break existing laws and licenses. Its pretty simple.
However you did give them permission to use your code by the fact that you acceded to their terms and conditions[1] when you created an account. IANAL, I don't know if this section would hold to scrutiny in a court of law, but I'm pretty sure this is what their legal team considers to cover them when it comes to training Copilot on code hosted with them.
IANAL, but that is not my reading. They cover "Your Content" with the license grant, but not "any Content". The user still has the right to post "any Content" if they have the appropriate license to do so, but obviously they can't grant additional licenses to content the user doesn't own.
In my understanding your reading is that users uploading code that they don't own the copyright to, but otherwise have the right to copy through a license, are in violation with the ToS in general.
My reading is that the license grant only applies to "Your Content" as defined in the ToS, and otherwise users are free to upload code with permissive license and it _does not grant_ additional licenses to Github.
> Certainly the GitHub TOS grants them some common-sense ability to copy the code you upload so that they can usefully host it. Can you point to the portion that allows them to use it for Copilot?
> Because I'm pretty sure it doesn't. Section D4:
> > This license does not grant GitHub the right to sell Your Content. It also does not grant GitHub the right to otherwise distribute or use Your Content outside of our provision of the Service...
> You grant us and our legal successors the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time
> The “Service” refers to the applications, software, products, and services provided by GitHub, including any Beta Previews.
That's actually a great point. Ditto for GDocs. I've been pleasantly surprised at how good autocomplete suggestions have been in docs lately.
If I were to hazard a guess, I'd say that the vitriol around Copilot stems from five factors that distinguishes it from Google:
(1) The length of the suggestions alongside some of Copilot's marketing demonstrated that perhaps non-trivial replacement of engineers with AI might not be as far-fetched or far away as most people thought. Google's autocomplete has yet to make me feel replaceable.
(2) The content of the training data had a clearer intrinsic commercial value, making perceived license violations feel more 'real'.
(3) GitHub (historically) didn't have the same reputation as Google for training AI models on data uploaded to its free services. People likely (mis)placed some trust in GitHub when they uploaded code, and this backlash is part of the adjustment process.
(4) The indication that Copilot will eventually be a paid commercial service, effectively building a commercial service off the backs of millions of open source developers. While this is perfectly legal and common across all industries, it doesn't feel good.
(5) Copilot spitting out raw training data really doesn't help its image.
Honestly, I think all this talk about GPL vs MIT/BSD is a red herring.
It doesn't matter whether the code is GPL or MIT or BSD. If Copilot reproduces it in your codebase, you're violating the license anyway - almost all FLOSS licenses carry an attribution requirement, which Copilot does not and can not reproduce[0].
The difference between GPL and MIT is whether you have to release your source code, or just add a blurb in README. It's a big one, but it's downstream from the core problem: with Copilot, you won't even know when you're violating some license - much less what to do about it.
--
[0] - The whole point of a DNN model is to pre-mix the inputs in training, so that responses to queries are cheap and fast. This comes at the cost of making it impossible to reverse-query the model, so the only way for Copilot to give correct attribution would be to take its output and run a search on the training data, which would kill all the costs savings they won by using a neural network.
While I see how Copilot's data gathering can be considered unethical, in the end I ask myself, does it matter? Would it have been of any concrete advantage to open-source programmers if Copilot hadn't used their source code? I can't think of any
Well, if you chose a viral license like the GPL, you do not do that to have your code and knowledge being reused in a non viral (possibly closed source) licensed solution. So this is a fundamental issue at least GPL minded authors will definitely mind and fight against.
Conversely, the generous olive branch of free hosting is not a blank check that allows GitHub to use the hosted code for any purpose, especially when that purpose wasn't made clear as part of the terms of the original free hosting offer.
When I uploaded my code to GitHub, it was done so with the understanding that in exchange for the hosting and bandwidth, GitHub was permitted to use the code in a set of limited ways, as spelled out in their terms of service. I understood that I was contributing to building and establishing GitHub's brand as the go-to place for open source collaboration, a brand which they have undoubtedly benefited from.
With Copilot, GitHub has extended that use in a way that was not made clear during that initial contract. Regardless of the legality of this change, it's normal and expected for some users to be "offended". This isn't "being entitled", but a legitimate response to what many perceive as a violation of the norms of this industry.
That doesn't even get to the ambiguous legal questions involved, particularly with licenses that go beyond the typical MIT/GPL licenses. Based on GitHub's statements, it sounds like any public repo was fair game. What does this mean in the context of AGPL and other more restrictive licenses?
No I am happy to pay for it, and have paid for github in the past in fact. That doesn’t mean they can change the deal on what free hosting means with out any notice or method to opt out. Paid user’s public repos were not spared from Copilot either.
The hosting of open source code on GitHub is not some completely selfless act on their part. GitHub's value proposition to commercial users is in part contributed to by the fact it is used by a lot of open source projects and for solo or hobby projects, thus breeding familiarity with the platform.
Copilot has announced their plans to become a paid service.
So this product that would not be possible without public, open-source code will itself be non-public, closed-source, closed-data. It is extracting value from the commons and funneling it to a private company.