Danger of the Microsoft Magic Wand… What is at stake in the California Copilot Lawsuit

David Spring M. Ed. March 15 2023

GitHub is the world’s largest open source code repository, hosting the code of millions of open source developers. In 2018, Microsoft shocked the open source community by purchasing GitHub for $7.5 billion. Shortly after purchasing GitHub, Microsoft began secretly using the open source code written by the open source development community to produce a closed source program called Copilot. Copilot magically strips the code of its open source license and then resells the code without the open source license or any attributional credit to the original authors of the code. In short, Microsoft uses a Magic Wand to steal billions of lines of open source code from millions of open source developers and turn their code into closed source code sold for a profit.

This is possibly the greatest theft of intellectual property in human history. Imagine spending a year writing a 300-page book and then finding entire chapters of your book copied word for word into a book that Microsoft was selling, with no link back to your original book and no mention of who wrote the chapter. Now imagine that you had an open source license at the beginning of your book allowing anyone to copy your book, provided that they include your name and the open source license at the beginning of their book. With Copilot, Microsoft has stolen the contents of millions of books while at the same time using a Magic Wand to strip each book of its open source license and delete the names of the original authors.

In November 2022, a group of open source developers filed a 56 page class action lawsuit in California federal court asking for potentially billions of dollars in damages due to Microsoft’s MILLIONS of Magic Wand violations of Open Source Licenses. In this article, we will look at what is at stake in the California Copilot lawsuit. Here is a link to the lawsuit so you can read it yourself. https://githubcopilotlitigation.com/pdf/06823/1-0-github_complaint.pdf

Here is a link to a second 30 page Response that was filed on March 9, 2023 opposing Microsoft’s motion to dismiss this case:

https://6398037.fs1.hubspotusercontent-na1.net/hubfs/6398037/GitHub%20Copilot/ECF%20No%2066%20-%202023-03-09%20-%20Response%20IOT%20Microsoft%20and%20GitHub%20MTD.pdf

Here are a few quotes taken mainly from page 27 of their 30 page response to Microsoft’s Motion to Dismiss:

“Plaintiffs are the authors of open-source code placed in the GitHub repositories pursuant to open-source licenses. Through these licenses, Plaintiffs intended to make their code available in an open-source environment while they received tangible benefits including future prospective coding, engineering, and other professional economic opportunities associated with providing code in an open-source setting made possible by the conditions in those licenses...

“Defendants (aka Microsoft) have since been reproducing that code as output without and in disregard of those licenses… Microsoft/GitHub took the sensitive information of Plaintiffs and then shared and distributed it to third-parties without Plaintiffs’ authorization.”

“Defendants have utilized their access to the Licensed Materials hosted on GitHub to create Copilot... Defendants have directly profited and otherwise obtained benefits from the removal of attribution, copyright notices and license terms from the Licensed Materials and reselling through Copilot.”

“Plaintiffs have invested substantial time and energy in creating the Licensed Materials… Plaintiffs also lost the value of that work, including their ability to receive compensation as well as the likelihood they would be retained or hired in the future. See Jacobsen v. Katzer, 535 F.3d 1373, 1379 (Fed. Cir. 2008) (explaining that damage from violations of public licenses could include injury to reputation and recognition in the profession).”

One of the people who brought the lawsuit explained how this spying and code theft harms Open Source Code development:

“Microsoft is creating a new walled garden that will inhibit programmers from discovering traditional open-source communities. Over time, this process will starve these communities. User attention and engagement will be shifted [...] away from the open-source projects themselves—away from their source repos, their issue trackers, their mailing lists, their discussion boards.”

https://www.bleepingcomputer.com/news/security/microsoft-sued-for-open-source-piracy-through-github-copilot/

The Software Freedom Conservancy was so appalled at Microsoft’s attack on Open Source Software development that they referred to it as monetizing the labor of open source developers via a proprietary product. They therefore launched a campaign asking Open Software developers to “Give Up GitHub!”

https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details

A Brief Legal History of the General Public License (GPL)
In 1989, the founder of the Free Software Foundation, Richard Stallman, wrote the first General Public License. The third and current version of the GPL was written by a committee of open source advocates in 2007 after considering 2,636 comments on a draft version.

There are now many other open source licenses. But they all share some common characteristics. Namely, they require that the license be included in any future code based on the covered work and that the names of the people who created the original work must also be retained in any future work.

These additional required provisions are what make open source licenses different from normal copyright laws. Use of open source work requires that the open source license and the names of the original authors must be retained in the new work.

In April 2017, a US federal court ruled that an open-source license is an enforceable contract (see Artifex v. Hancom). The federal judge ruled that licenses like the GPL can be treated like legal contracts, and developers can legitimately sue when those contracts are breached.

In October 2021 another federal judge ruled that GPL agreements function both as copyright licenses and as contractual agreements and thus that the GPL is an enforceable contract (see SFC v. Vizio).

Benefits of Open Source Code over Closed Source Code
There are two competing models for code development. The closed source model (for example, the Microsoft Windows operating system) is a private commercial process where the code is hidden from the public. The open source model (for example, the Linux operating system) is a public community process where the code can be viewed by anyone and shared with anyone.

Some of the important benefits of the Open Source Model include:

#1 Open Source programs are more secure.

#2 Open Source Programs are more innovative and diverse.

#3 Open Source Programs are less expensive.

#4 The Open Source Model builds communities of people with common interests.

To understand what will be lost should Microsoft be allowed to continue with their destruction of Open Source programs, we will take a brief look at these four benefits:

#1 Open Source programs are more secure
While the Windows operating system is still the most common operating system used by the general public, those who run servers prefer the Linux operating system. Major cloud hosts such as Google and Amazon use entirely Linux servers. Facebook also runs on Linux. Even the Microsoft cloud, called Azure, runs mainly Linux servers! The reason most Internet servers use the Linux operating system rather than the Windows operating system is that Linux is dramatically more secure than the Windows operating system.

Because Linux is more transparent than Windows, it can be looked at by thousands of open source developers who contribute security improvements. Linux servers therefore are much harder for hackers to attack than Windows servers. Here is a chart comparing the security vulnerabilities of the Windows operating system with those of one of the largest Linux distributions (called the Linux Debian Operating system) during the 2021 calendar year:


According to Mitre.org, the Microsoft Windows operating system suffered from 823 security flaws in 2021 while the Linux Debian operating system did not have a single security flaw reported in 2021. This is the result of transparency and having thousands of eyes continuously monitoring the Linux Debian operating system. Meanwhile, the huge number of holes in the Windows operating system has led to a massive Windows Ransomware Hacker explosion. Windows Ransomware now costs businesses hundreds of billions of dollars – and perhaps even trillions of dollars annually.

#2 Open Source Programs are more innovative and diverse
A second benefit of the open source code development process is the freedom to innovate. One reason why it is much easier to attack the Windows operating system is because there is at any given time only ONE Windows operating system (currently Windows 11). By contrast, there are over 100 different versions of the Linux Operating System – called Distributions. Anyone willing to put in the time is able to create their own version of Linux. This diversity makes it very hard on hackers who have to come up with a new attack process for each of the 100 versions of Linux.

One reason for developers to participate in open source projects is that all ideas and code suggestions are considered in the code evolution of open source projects. Most of the software innovations in the past 20 years have been the result of this freedom to innovate. Meanwhile in closed source programs, innovation is often frowned upon because the new program tends to make the old program obsolete.

#3 Open Source Programs are less expensive
A third benefit of the open source code development process is that the programs are often released to the public for free. This is a huge help to groups such as non-profits that may not have a budget to invest in expensive closed source code.

#4 The Open Source Model builds communities of people with common interests
A fourth benefit is development of communities of common interest. Programmers find and work together with others who share their interests. Open source licenses encourage cooperation as everyone knows that the programs they build together will be freely available to all of them.

Dangers of the Microsoft Magic Wand
Copilot is the exact opposite of Open Source program development. Instead of creating more secure and more diverse and innovative code, Copilot output leads to less secure, less diverse and more predictable code – making it easier for hackers to infect programs with viruses.

By design, Copilot examines the billions of lines of code on GitHub and then outputs whatever code is used most on GitHub. Copilot treats code like a popularity contest. One of many problems with this approach is that the code repeated most on GitHub is code used as popular Code Examples written by teachers who post their code on GitHub. Teaching code was never intended to be REAL Code. But Copilot is too dumb to realize this.

Real code is a constant battle between hackers and developers with hackers finding holes in the code and developers coming up with different code that closes the holes used by hackers. While popular simple Code Examples are a good way to teach beginners, they are not a good way to defeat hackers. Repeated use of such code leads to uniformity and lack of innovation – turning code into a Hacker Heaven.

Copilot also increases the cost of code development because the Microsoft tax on code development (in the cost of Copilot) needs to be passed on to those who use the program.

But the biggest problem with Copilot is that by removing the open source license and attribution requirements from open source code, Copilot removes the primary incentive for programmers to work together. Without this incentive that their work will be recognized in all derivative programs based on their work, it is likely that, over time, many programmers would simply stop contributing their code suggestions to open source programs. Thus, in developing and promoting Copilot, Microsoft is killing the open source Goose that will eventually stop laying Golden Eggs.

Those damaged by the new Microsoft Frankenstein program are not only millions of open source programmers who use GitHub but also hundreds of millions of people who use open source programs. As can be seen by the growth of Windows Ransomware, the cost to our economy of killing the open source community is in the hundreds of billions of dollars – and may grow into trillions of dollars annually. This destruction of open source communities and the resulting economic damage it will inflict makes the California Copilot lawsuit one of the most important lawsuits ever filed.

Past Microsoft Legal Evasions
Sadly, this is not the first time Microsoft has been sued for using its software monopoly position to blatantly destroy its competition. In the 1990s Microsoft was sued several times. Despite losing every time, Microsoft was in each case given a “Get out of jail free” card – with the last lawsuit ending in a remedy that Microsoft would decide its own penalty and “Pinky Promise” to never do it again. For a complete blow by blow account of the failure of our legal system to rein in the Evil Empire, see my 400 page book, “Free Yourself from Microsoft and the NSA” which you can download for free at the following link: https://freeyourselffrommicrosoftandthensa.org/

Real Remedies
Even if the court finds Microsoft guilty, the fine cannot just be money. Even a fine of a billion dollars would be chump change to Microsoft. It should be obvious that Microsoft should never have been allowed to buy GitHub in the first place. Microsoft has proven that they cannot be trusted to protect either code or open source licenses. Instead, GitHub should have been turned into a non-profit under the control of a Board or committee of elected open source software developers. Microsoft must not be left in control of GitHub.

Sadly, I do not think the court is likely to understand either the harm Microsoft is doing to the open source community or the need to remove Microsoft from GitHub. It is therefore up to those of us who care about the future of open source development to build and use an alternative to GitHub that respects the rights of open source developers and promotes building open source communities.

Thankfully, one example of this alternative already exists in the form of a non-profit Open Software repository called Codeberg. Codeberg allows us to freely host our Open Software projects without the code being subject to data mining by Microsoft and Copilot. Unlike the closed source code used to run GitHub, Codeberg runs on entirely open source code. Codeberg will even teach you how to set up your own version of Codeberg. Here is a link to the Codeberg project:

https://codeberg.org/

Codeberg is more than just Git hosting for your software projects. They are a community of like-minded Free Software and Content Creators. Codeberg does not engage in data mining. Their policy is that your data is not for sale. All Codeberg services run on servers under their control. No dependencies on external services. No third party cookies, no tracking.

The Future of Software Development is up to all of us
We should be grateful to the six attorneys in California who are attempting to defend the rights of millions of people by going up against the hundreds of attorneys employed by Microsoft. As Microsoft is commonly referred to as the Evil Empire, these six attorneys are the Jedi Knights of our time.

But rather than standing back and hoping these six attorneys prevail, it is up to each of us to take up the cause of protecting the future of open software development. Please share this article with anyone you know who is interested in protecting the rights of open software developers. Then set up a free account at Codeberg.org – and learn how easy it is to move your repositories from GitHub to Codeberg. Then encourage and help other open software developers to do the same.

As always, I look forward to your questions and comments.

Regards,

David Spring

davidspring at protonmail dot com