1 00:00:02,185 --> 00:00:05,509 MICHAEL: Our keynote speaker today is Karen Sandler 2 00:00:05,509 --> 00:00:09,153 She'll be talking about Companies, Free Software and You. 3 00:00:09,153 --> 00:00:13,901 Karen is the Executive Director of the Software Freedom Conservancy and she used 4 00:00:13,901 --> 00:00:16,844 to be the Executive Director of the GNOME Foundation 5 00:00:16,844 --> 00:00:22,284 and she's also working a lot on the Outreach programme for Women 6 00:00:22,284 --> 00:00:25,524 and several other programmes, so everyone please welcome Karen. 7 00:00:25,524 --> 00:00:30,621 (APPLAUSE) 8 00:00:30,621 --> 00:00:36,527 KAREN: Thanks so much. I can't even tell you how beyond excited I am to be at DebConf 9 00:00:36,527 --> 00:00:39,617 I was briefly at the New York DebConf 10 00:00:39,617 --> 00:00:48,736 and I was so impressed and enthralled by Debian that I kind of ran away, (LAUGHTER) 11 00:00:48,736 --> 00:00:55,381 So all these years later it's so exciting to be here and to be a speaker. 12 00:00:55,381 --> 00:00:59,663 I'm Executive Director of Conservancy. 13 00:00:59,663 --> 00:01:02,464 Raise your hand if you've heard of Conservancy. 14 00:01:02,464 --> 00:01:05,141 So that's almost everyone, hooray! 15 00:01:05,141 --> 00:01:12,154 We're a non-profit charitable fiscal sponsorship organisation 16 00:01:12,154 --> 00:01:14,656 These are all of our member projects. 17 00:01:14,656 --> 00:01:19,416 If you're here, you're surely using a few of them. 18 00:01:19,416 --> 00:01:25,350 Two of the member projects that are not listed here include the 19 00:01:25,350 --> 00:01:30,297 GPL compliance project for Linux kernel developers 20 00:01:30,297 --> 00:01:32,865 and also the Debian Copyright Aggregation project 21 00:01:32,865 --> 00:01:36,452 and I'll talk a little bit about those in a bit. 22 00:01:36,452 --> 00:01:43,318 I'm also a lawyer, which when I admit I often have to hide behind the podum 23 00:01:43,318 --> 00:01:48,620 lest people throw rotten fruit at me, but I only do pro-bono legal work. 24 00:01:48,620 --> 00:01:53,751 I do that as a volunteer for the Free Software Foundation and GNOME 25 00:01:53,751 --> 00:01:56,064 and a few other free software organisations. 26 00:01:56,064 --> 00:02:04,179 I'm really, really in to free software, and the reason why, for many reasons, 27 00:02:04,179 --> 00:02:08,090 but largely I'm actually a cyborg. 28 00:02:08,090 --> 00:02:12,013 I actually, literally have a big heart. 29 00:02:12,013 --> 00:02:15,332 My heart is three times the size of a normal person's heart 30 00:02:15,332 --> 00:02:20,409 and it's fine. I'm mostly asymptomatic, it's not a big deal, 31 00:02:20,409 --> 00:02:24,110 but I’m at a very high risk of suddenly dying. 32 00:02:24,110 --> 00:02:27,963 The medical term is actually ‘sudden death’. 33 00:02:27,963 --> 00:02:37,702 It’s 2—3% per year, compounding my risk of suddenly dying, 34 00:02:37,702 --> 00:02:39,922 and I was diagnosed at age 3. 35 00:02:39,922 --> 00:02:45,382 And so it's a very high risk of suddenly dying, but it’s all fine, because 36 00:02:45,382 --> 00:02:50,316 my doctors prescribed a pacemaker defibrillator. 37 00:02:50,316 --> 00:02:57,094 When you go to the doctor’s office, and they tell you that you need one of these 38 00:02:57,094 --> 00:02:59,955 things, the electro-physiologists have 39 00:02:59,955 --> 00:03:04,208 these devices in their desk drawers. 40 00:03:04,208 --> 00:03:06,712 The medical device companies give them a stack of them. 41 00:03:06,712 --> 00:03:10,865 They're extremely expensive — I got the bill for mine, I think it was something 42 00:03:10,865 --> 00:03:13,930 like $75,000 US 43 00:03:13,930 --> 00:03:19,374 They have them in their drawer, they slide them over to you, because they want you to 44 00:03:19,374 --> 00:03:23,445 hold them and to know that theyzre so small, and so light and theyzre not scary. 45 00:03:23,445 --> 00:03:28,294 They say ‘hold this’, so I take it, and I hold it, and I’m looking at it, 46 00:03:28,294 --> 00:03:32,686 and the doctor’s looking at me like ‘Right? This is OK, right?’ 47 00:03:32,686 --> 00:03:35,720 And I say ‘OK, so what does it run?’ 48 00:03:35,720 --> 00:03:37,547 (LAUGHTER) 49 00:03:37,547 --> 00:03:39,997 And the guy looked at me and said ‘Run?’ 50 00:03:39,997 --> 00:03:42,433 And so I said ‘Oh, yeah’, so then I explained there’s software in this device. 51 00:03:42,433 --> 00:03:45,538 We had a little back and forth, and he said ‘Well, don't worry about it because 52 00:03:45,538 --> 00:03:49,287 I'm going to get the representative from Medtronic, who you’re so lucky is in 53 00:03:49,287 --> 00:03:54,296 the office today!’ and that guy said ‘Software? Run?’ 54 00:03:54,296 --> 00:03:59,072 This sent me down a path where I started researching the safety of software 55 00:03:59,072 --> 00:04:05,046 in these devices and I was luckily able to make it a part of my job, and do a bunch 56 00:04:05,046 --> 00:04:10,938 of research, and ultimately, I decided I had to get this defibrillator and get 57 00:04:10,938 --> 00:04:16,941 proprietary software literally implanted into my body and screwed into my heart. 58 00:04:16,941 --> 00:04:20,610 And that I would advocate for software safety. 59 00:04:20,610 --> 00:04:24,263 When you start looking at your own mortality 60 00:04:24,263 --> 00:04:29,665 and your own life, and you realise that you rely on software that you can’t see, 61 00:04:29,665 --> 00:04:33,575 that you can’t review, you can’t get anyone else to review it, 62 00:04:33,575 --> 00:04:36,188 if there’s a problem you can’t patch it. 63 00:04:36,188 --> 00:04:41,223 And worse still, locked in to single vendors 64 00:04:41,223 --> 00:04:49,260 if there’s a catastrophic failure at one of these medical device companies, 65 00:04:49,260 --> 00:04:51,040 then we’re out of luck. 66 00:04:51,040 --> 00:04:55,045 I can't update my defibrillator, and it is a problem. 67 00:04:55,045 --> 00:04:58,247 I have to wait until Metronic — 68 00:04:58,247 --> 00:05:01,755 Well, I'm picking on Metronic, but I chose them because I thought they were the 69 00:05:01,755 --> 00:05:03,442 best of the bunch — 70 00:05:03,442 --> 00:05:05,969 but I have to wait for Metronic to admit that there’s a problem, 71 00:05:05,969 --> 00:05:08,884 for them to make a fix, to deploy that fix 72 00:05:08,884 --> 00:05:10,779 I’m completely powerless 73 00:05:10,779 --> 00:05:15,378 Once you start thinking about your medical devices and your heart 74 00:05:15,378 --> 00:05:17,977 It’s not a long walk to get to cars. 75 00:05:17,977 --> 00:05:20,685 A luxury car is 100 million lines of code 76 00:05:20,685 --> 00:05:22,786 and the Software Engineering Institute 77 00:05:22,786 --> 00:05:27,468 estimates that there’s 1 bug introduced for every 100 lines of code 78 00:05:27,468 --> 00:05:31,248 So even if we’re catching the vast majority, medical device recalls have 79 00:05:31,248 --> 00:05:37,538 demonstrated that simple things like all-pairs testing would have avoided 80 00:05:37,538 --> 00:05:42,155 98% of the software recalls in medical devices, it’s all really fascinating. 81 00:05:42,155 --> 00:05:44,051 It’s a whole talk in itself. 82 00:05:44,051 --> 00:05:48,083 For me, this got me extremely passionate about software freedom, 83 00:05:48,083 --> 00:05:51,539 where I previously thought that open source was cool. 84 00:05:51,539 --> 00:05:56,142 I have now come along to the view that software freedom is absolutely essential 85 00:05:56,142 --> 00:06:01,003 to our lives, to our society, and to our overall framework. 86 00:06:01,003 --> 00:06:05,411 That has put me solidly in the free software space and 87 00:06:05,411 --> 00:06:08,191 I am lucky that I get to work on the charity side. 88 00:06:08,191 --> 00:06:13,040 The Software Freedom Conservancy is a 501(c)3 89 00:06:13,040 --> 00:06:15,824 That’s a reference to the US tax code 90 00:06:15,824 --> 00:06:19,481 Extremely geeky and you get a lot of people in our space who know all about 91 00:06:19,481 --> 00:06:22,735 the different tax codes and will rattle off different numbers to you. 92 00:06:22,735 --> 00:06:26,224 It’s like the same people who rattle off sections of the GPL to you. 93 00:06:26,224 --> 00:06:31,685 (c)3 refers to the US tax code 94 00:06:31,685 --> 00:06:33,647 It’s a charity and there are analogues 95 00:06:33,647 --> 00:06:38,284 in every country — most of them have — 96 00:06:38,284 --> 00:06:40,926 different types of charitable organisations, vs 97 00:06:40,926 --> 00:06:46,580 a trade association which in the US is a (c)6 — you’ll hear people say 98 00:06:46,580 --> 00:06:48,662 ‘It’s a (c)3, it’s a (c)6’ 99 00:06:48,662 --> 00:06:51,927 (c)3 — charity, (c)6 — trade association 100 00:06:51,927 --> 00:06:56,626 We’ve got companies, free software is developed in a wide variety of ways, 101 00:06:56,626 --> 00:06:58,624 in a wide variety of organisations 102 00:06:58,624 --> 00:07:01,860 and all these organisations are working together 103 00:07:01,860 --> 00:07:04,277 on a lot of the same goals 104 00:07:04,277 --> 00:07:07,571 but with extremely different motivations. 105 00:07:07,571 --> 00:07:10,266 If you look at all these different areas, 106 00:07:10,266 --> 00:07:15,606 you can start to contemplate how that might start to play out. 107 00:07:15,606 --> 00:07:19,481 In this talk, I’m focusing on the company element because I think that 108 00:07:19,481 --> 00:07:26,106 we’re sort of at point of a tree in free and open source software where we're able 109 00:07:26,106 --> 00:07:29,506 to see what’s happened over a longer period of time 110 00:07:29,506 --> 00:07:32,977 and start to look forward in how that impacts us. 111 00:07:32,977 --> 00:07:43,046 I think it’s so awesome that companies have an interest in free software. 112 00:07:43,046 --> 00:07:48,136 Raise your hand if you’re making money by working in free and open source software. 113 00:07:48,136 --> 00:07:51,526 It’s like, ¾ of the room! 114 00:07:51,526 --> 00:07:56,198 I did notice that John Sullivan of the FSF was raising his hand too. (LAUGHTER) 115 00:07:56,198 --> 00:08:00,666 And I should raise my hand too, because I do take a salary from Conservancy. 116 00:08:00,666 --> 00:08:04,772 The Company interest in free and open source software is fantastic because it 117 00:08:04,772 --> 00:08:08,403 means we all get to work on making sure there’s great free and open source 118 00:08:08,403 --> 00:08:13,013 software that companies use in their products. 119 00:08:13,013 --> 00:08:16,348 It works out well for a lot of reasons 120 00:08:16,348 --> 00:08:22,705 I think that, in fact, it’s essential that companies be interested in free and open 121 00:08:22,705 --> 00:08:26,288 source software because it takes free and open source software to another level. 122 00:08:26,288 --> 00:08:31,140 It means that free software is doing something right 123 00:08:31,140 --> 00:08:35,014 if the software is so good that companies are deploying it in their products 124 00:08:35,014 --> 00:08:39,361 and it’s now an essential part of the software that companies need to be 125 00:08:39,361 --> 00:08:42,363 relevant and to bring their products to market. 126 00:08:42,363 --> 00:08:46,614 It’s great that there’s money in free and open source software because 127 00:08:46,614 --> 00:08:48,375 everyone needs to eat. 128 00:08:48,375 --> 00:08:52,665 On top of that, we can do a lot more when there are people working full time 129 00:08:52,665 --> 00:08:54,385 on these issues. 130 00:08:54,385 --> 00:08:57,600 When companies are employing those people to work in free software 131 00:08:57,600 --> 00:09:01,617 there are interesting things that happen. 132 00:09:01,617 --> 00:09:05,959 This works out some of the time. 133 00:09:05,959 --> 00:09:10,944 It works out where companies employ people to work in free software, 134 00:09:10,944 --> 00:09:14,830 and great work is done, and everyone benefits from it. 135 00:09:14,830 --> 00:09:20,580 Companies have increased software to draw from. 136 00:09:20,580 --> 00:09:24,154 Companies work together where they're allies in some ways, and 137 00:09:24,154 --> 00:09:25,916 competitors in others 138 00:09:25,916 --> 00:09:27,274 It's very interesting. 139 00:09:27,274 --> 00:09:32,343 This is a slide from the Linux Foundation brochure. 140 00:09:32,343 --> 00:09:36,710 They may have updated it since then, but it sort of says all the places 141 00:09:36,710 --> 00:09:43,313 where Linux is and you can appreciate how much money there is in free software 142 00:09:43,313 --> 00:09:50,284 and how relevant Linux is generally — the Linux kernel. 143 00:09:50,284 --> 00:09:55,888 Or GNU/Linux. 144 00:09:55,888 --> 00:10:04,967 When you start to evaluate the presence of companies in free software you start to 145 00:10:04,967 --> 00:10:14,310 feel the boundaries of where lawyers say our interests are aligned. 146 00:10:14,310 --> 00:10:17,179 When we're talking about people who have different motivations 147 00:10:17,179 --> 00:10:22,289 or are interested in different things, but are working together. 148 00:10:22,289 --> 00:10:25,429 So their interests are aligned. 149 00:10:25,429 --> 00:10:28,876 You can see how the free software community and society's interests 150 00:10:28,876 --> 00:10:31,643 are often aligned with companies. 151 00:10:32,108 --> 00:10:34,645 But when you start to think about it closely, you start to get 152 00:10:34,645 --> 00:10:38,757 to the borders and boundaries of where those interests are, in fact, aligned. 153 00:10:43,028 --> 00:10:44,547 During that introductory panel yesterday about open hardware we started 154 00:10:44,547 --> 00:10:47,290 to touch on it. 155 00:10:47,290 --> 00:10:51,684 Andy was talking about a particular product, 156 00:10:51,684 --> 00:10:55,604 where the product was effectively bricked because the company who had sold it 157 00:10:55,604 --> 00:10:58,732 had turned off the services to it. 158 00:10:58,732 --> 00:11:06,758 Bdale was talking about how in an Internet of Things, we really need open standards 159 00:11:06,758 --> 00:11:11,667 and we need to make choices where we can work together so that the efforts we make 160 00:11:11,667 --> 00:11:15,519 individually extend to everyone. 161 00:11:15,519 --> 00:11:20,535 I think that starts to hit it on the head. 162 00:11:20,535 --> 00:11:24,406 I think that where we start to think critically on the role of free software 163 00:11:24,406 --> 00:11:27,853 in society, or the role of free software at companies, 164 00:11:27,853 --> 00:11:31,430 we hit against this idea very, very quickly. 165 00:11:31,430 --> 00:11:38,981 Edward Snowden gave a really amazing keynote Q&A at LibrePlanet. 166 00:11:38,981 --> 00:11:43,723 There he said "while sometimes corporations are on our side, 167 00:11:43,723 --> 00:11:46,338 and sometimes stand up for the public interest, 168 00:11:46,338 --> 00:11:48,972 we should not have to rely on them." 169 00:11:48,972 --> 00:11:52,358 That's the thing - companies can do the right thing. 170 00:11:52,358 --> 00:11:55,565 They can have societal interests at heart 171 00:11:55,565 --> 00:11:59,022 but it's not their goal, it's not their job, it's not what they're set up for. 172 00:11:59,022 --> 00:12:00,908 They're set up to maximise profit. 173 00:12:00,908 --> 00:12:03,505 And there are ethical rules, and different countries have different rules about 174 00:12:03,505 --> 00:12:05,290 things that companies can do. 175 00:12:05,290 --> 00:12:08,697 I don't want to overly dramatise it. 176 00:12:08,697 --> 00:12:16,572 I don't think that anyone can say that companies are evil. 177 00:12:16,572 --> 00:12:20,013 There could in extreme cases be evil people that are working at 178 00:12:20,013 --> 00:12:21,490 a particular company. 179 00:12:21,490 --> 00:12:23,187 These things are much more complex. 180 00:12:23,187 --> 00:12:27,065 It's just that companies have the goal of making profit. 181 00:12:27,065 --> 00:12:30,271 They're not necessarily looking out for the public interest. 182 00:12:30,271 --> 00:12:33,020 In fact they often have incentives such that 183 00:12:33,020 --> 00:12:38,489 they're not focused on the public interest at all. 184 00:12:38,489 --> 00:12:41,897 Raise your hand if you've heard of Volkswagen and the scandal that happened 185 00:12:41,897 --> 00:12:44,383 recently - I think that's probably everybody. 186 00:12:44,383 --> 00:12:48,038 Raise your hand if you've heard about VMware and the lawsuit against them. 187 00:12:48,038 --> 00:12:50,290 So that, like three quarters. 188 00:12:50,290 --> 00:12:56,259 I chose these two companies not because they begin with the letter 'V' [laughter] 189 00:12:56,259 --> 00:13:00,649 The Volkswagen scandal, which I don't think I need to go in to, 190 00:13:00,649 --> 00:13:02,280 I think everybody raised their hand, 191 00:13:02,280 --> 00:13:05,411 was very interesting because 192 00:13:05,411 --> 00:13:11,156 it was a part of technology where 193 00:13:11,156 --> 00:13:18,148 if the engineers in house, like those working in VMware, had felt empowered 194 00:13:18,148 --> 00:13:22,421 to raise the issue much, much earlier 195 00:13:22,421 --> 00:13:28,191 you would see that actually, Volkswagen would have done better profit wise, too. 196 00:13:28,191 --> 00:13:30,154 It's a really interesting situation, because 197 00:13:30,154 --> 00:13:39,275 having the scandal, and some of the people knew that this was happening 198 00:13:39,275 --> 00:13:42,795 and the corporate culture was such that they determined it was more 199 00:13:42,795 --> 00:13:48,771 in Volkswagen's interest to keep this quiet, hoping they wouldn't be caught. 200 00:13:48,771 --> 00:13:53,499 Corporate interests sometimes point in that direction, whereas if - 201 00:13:53,499 --> 00:13:55,798 well, I'll get to that at some point. 202 00:13:55,798 --> 00:13:59,823 But VMware is very interesting because, 203 00:13:59,823 --> 00:14:03,948 for people who didn't know, and there's about a quarter of you who didn't. 204 00:14:03,948 --> 00:14:07,676 One of the things we do at the Software Freedom Conservancy is that we have 205 00:14:07,676 --> 00:14:14,450 a group of kernel developers who hold copyrights in their portions of the Linux 206 00:14:14,450 --> 00:14:19,790 Kernel and they come together as a group within Conservancy to have us 207 00:14:19,790 --> 00:14:21,456 enforce their copyrights. 208 00:14:21,456 --> 00:14:24,432 So we go knocking on companies doors and we say: 209 00:14:24,432 --> 00:14:31,117 "Hey, you've got no source with your product, and no offer for source. 210 00:14:31,117 --> 00:14:34,554 Can you do something about it" and we have a lot of back and forth about that. 211 00:14:34,554 --> 00:14:39,149 We also now have the Debian Copyright Aggregation project 212 00:14:39,149 --> 00:14:43,630 which does a similar thing for Debian. 213 00:14:43,630 --> 00:14:48,408 VMware was a company that we had tried to get into compliance for four years. 214 00:14:48,408 --> 00:14:53,766 While they had made significant progress towards doing the right thing and having 215 00:14:53,766 --> 00:14:58,627 compliance, at the end of the day they put their foot down and said that they 216 00:14:58,627 --> 00:15:03,599 basically didn't agree with the derivative works provisions of the GPL, 217 00:15:03,599 --> 00:15:07,598 as how it related to VMware, and they refused to comply. 218 00:15:07,598 --> 00:15:13,066 And so Christoph Hellwig filed a lawsuit that Conservancy funded in Germany and 219 00:15:13,066 --> 00:15:17,581 that's starting to unfold and it'll be interesting to see 220 00:15:17,581 --> 00:15:21,680 where that case lies. 221 00:15:21,680 --> 00:15:26,314 All of these things point towards motivations of companies 222 00:15:26,314 --> 00:15:30,609 with their use of software and how that might be different from 223 00:15:30,609 --> 00:15:33,389 what the community might want. 224 00:15:33,389 --> 00:15:39,175 One of those ways that plays out in a very fundamental way is the timescale at which 225 00:15:39,175 --> 00:15:44,536 companies are acting are often more concerned with their quarterly results 226 00:15:44,536 --> 00:15:47,699 than they are with their long term results. 227 00:15:47,699 --> 00:15:52,286 And so they're going to be highly motivated to look a little bit more 228 00:15:52,286 --> 00:15:54,336 short term, as opposed to — 229 00:15:54,336 --> 00:15:58,186 There are some companies that think very strategically about the long term - 230 00:15:58,186 --> 00:16:02,004 but overall global corporate culture has become one, 231 00:16:02,004 --> 00:16:07,859 such that companies are really trying to maximise their quarterly results. 232 00:16:07,859 --> 00:16:14,561 What makes a good short to medium-term decision for a company is often not at all 233 00:16:14,561 --> 00:16:21,038 what is good for society, or even in the long-term interests of customers, 234 00:16:21,038 --> 00:16:25,887 because companies don't necessarily care if you'll be a customer of their's 235 00:16:25,887 --> 00:16:29,784 in 10 years, they care more that you continue tomorrow, and next week, 236 00:16:29,784 --> 00:16:32,211 and next month. 237 00:16:32,211 --> 00:16:36,108 Especially in technology where it's very hard to predict where technology might go 238 00:16:36,108 --> 00:16:38,438 within the next year or two. 239 00:16:38,438 --> 00:16:41,700 There are a lot of ways in which companies 240 00:16:41,700 --> 00:16:47,536 don't necessarily have your interests at heart that are not necessarily nefarious. 241 00:16:47,536 --> 00:16:51,534 For example, I have this pacemaker defibrillator. 242 00:16:51,534 --> 00:17:00,099 I am not in the standard set of people who get pacemaker defibrillators. 243 00:17:00,099 --> 00:17:05,403 Still, I'm young enough that that's still true. 244 00:17:05,403 --> 00:17:10,557 I was recently pregnant, and when I've been pregnant, I've been shocked twice 245 00:17:10,557 --> 00:17:13,367 inappropriately by my defibrillator. 246 00:17:13,367 --> 00:17:17,385 Because my heart was doing something that a normal pregnant woman's heart does. 247 00:17:17,385 --> 00:17:21,539 Pregnant women often have their hearts race and my pulse shot up and 248 00:17:21,539 --> 00:17:27,849 I got shocked twice even though I was not in need of a shock. 249 00:17:27,849 --> 00:17:34,442 Simply put - I couldn't expect Medtronic to be focused on my use case, 250 00:17:34,442 --> 00:17:39,936 because for example when I went to my obstetrician in New York city, 251 00:17:39,936 --> 00:17:45,543 at a major hospital, where the high risk doctor surely saw thousands of - 252 00:17:45,543 --> 00:17:49,336 I mean, she's a senior in her career, she's a great doctor - 253 00:17:49,336 --> 00:17:52,715 and there were a couple of things I said to her like, you know: 254 00:17:52,715 --> 00:17:57,587 "If you have patients with defibrillators you should know that if they get an 255 00:17:57,587 --> 00:18:01,244 epidural, it reminds you of getting shocked." 256 00:18:01,244 --> 00:18:03,232 You should know this for your future defibrillator patients. 257 00:18:03,232 --> 00:18:06,575 And she looked at me and she said: "Karen, I don't have defibrillator patients that 258 00:18:06,575 --> 00:18:14,172 have babies! I've had one other patient in all of my years, like 5 years ago who had 259 00:18:14,172 --> 00:18:17,637 a defibrillator, who had a baby in my hospital" 260 00:18:17,637 --> 00:18:22,001 It's simply the class of people who have defibrillators and the class of people who 261 00:18:22,001 --> 00:18:25,805 have babies overlap very little. 262 00:18:25,805 --> 00:18:29,417 So Metronic as a company doesn't have a strong sample set to work with. 263 00:18:29,417 --> 00:18:31,504 They're not focused on the use case. 264 00:18:31,504 --> 00:18:36,563 I promise you that Metronic does not want their pregnant patients being shocked. 265 00:18:38,929 --> 00:18:39,179 (LAUGHTER) 266 00:18:39,179 --> 00:18:42,464 They have a strong interest in making sure that pregnant women with heart 267 00:18:42,464 --> 00:18:44,950 conditions are not inappropriately shocked. 268 00:18:48,851 --> 00:18:49,101 But nonetheless, I was shocked because the 269 00:18:51,715 --> 00:18:51,965 company simply wasn't focused on my use case. 270 00:18:51,965 --> 00:18:55,184 And this can happen in many ways, and it's hard to predict the ways in which you're 271 00:18:55,184 --> 00:18:58,219 using software that was written for one purpose, 272 00:18:58,219 --> 00:19:02,701 how you might be using it for a use case that wasn't anticipated. 273 00:19:02,701 --> 00:19:05,637 This is true across the board. 274 00:19:05,637 --> 00:19:08,809 My health condition is just a metaphor for all the ways we use software. 275 00:19:08,809 --> 00:19:11,251 When you move from one geographic region into another, 276 00:19:11,251 --> 00:19:14,082 communities have different needs, and they different cultures, and they use 277 00:19:14,082 --> 00:19:16,673 software very differently. 278 00:19:16,673 --> 00:19:22,235 We could talk a lot - and I hope that we do informally - about how improving 279 00:19:22,235 --> 00:19:26,720 diversity in our communities helps us deal with that a little bit more by 280 00:19:26,720 --> 00:19:32,028 anticipating use cases across cultures and across expectations. 281 00:19:32,028 --> 00:19:37,675 That's sort of one way that there's sort of a mismatch. 282 00:19:37,675 --> 00:19:44,712 How many people here think that free software and open source software 283 00:19:44,712 --> 00:19:47,163 are the same thing? Raise your hand. 284 00:19:47,163 --> 00:19:49,953 It's not a trick question, whatever you think - if you think it's the same thing, 285 00:19:49,953 --> 00:19:51,227 raise your hand. 286 00:19:51,227 --> 00:19:53,715 How may people think they're radically different things, or different things? 287 00:19:53,715 --> 00:19:56,202 Ok, so it's interesting. 288 00:19:56,202 --> 00:19:59,864 More people thought they were different things than thought they were the same, 289 00:19:59,864 --> 00:20:02,747 but there were a lot of people who were undecided. 290 00:20:02,747 --> 00:20:03,829 I can tell you that maybe five years ago, maybe more, 291 00:20:07,998 --> 00:20:15,273 I was on a real advocating bent to convince people that it really didn't 292 00:20:15,273 --> 00:20:17,910 matter what we called free software and open source software, 293 00:20:17,910 --> 00:20:20,792 it didn't matter what we called it as long as we were talking about freedom. 294 00:20:20,792 --> 00:20:26,128 And if you look, the definition - the four freedoms, and the open source definition 295 00:20:26,128 --> 00:20:27,498 line up pretty well. 296 00:20:27,498 --> 00:20:32,958 There are a few, very historic, situations where there are licenses that are 297 00:20:32,958 --> 00:20:39,980 approved by OSI but not on the Free Software Foundation's list, 298 00:20:39,980 --> 00:20:44,253 but generally, what they're talking about in principle are the same thing. 299 00:20:44,253 --> 00:20:48,823 So I think from a legal perspective we can use the terms interchangeably, 300 00:20:48,823 --> 00:20:54,541 but with the perspective now that I've had of watching companies in our space 301 00:20:54,541 --> 00:20:59,530 a little bit more, I actually feel a little bad about the glossing over that 302 00:20:59,530 --> 00:21:03,690 I had done, because the motivations that are represented by the terms, 303 00:21:03,690 --> 00:21:06,505 even if it's not a legal description of licenses, 304 00:21:06,505 --> 00:21:10,158 the motivations that people assign when they talk about free software 305 00:21:10,158 --> 00:21:13,053 versus when they talk about open source software are very interesting, 306 00:21:13,053 --> 00:21:14,340 and very different. 307 00:21:14,340 --> 00:21:20,770 Has anybody here seen the Silicon Valley, (LAUGHTER) 308 00:21:20,770 --> 00:21:24,972 Everyone who has seen the TV show Silicon Valley was laughing very loudly. 309 00:21:24,972 --> 00:21:26,494 So not very many people in here. 310 00:21:26,494 --> 00:21:29,267 There's this TV show in the United States called Silicon Valley. 311 00:21:29,267 --> 00:21:33,721 It's hilarious, it's about the startup culture in Silicon Valley, in California. 312 00:21:33,721 --> 00:21:38,826 There's this company called Hooli, which is like an analogue to Google, but it's 313 00:21:38,826 --> 00:21:41,896 an amalgamation of different companies. 314 00:21:41,896 --> 00:21:46,105 And in the first season of this show, everywhere they go in Silicon Valley 315 00:21:46,105 --> 00:21:49,568 people are talking about "Making the world better" through whatever 316 00:21:49,568 --> 00:21:51,576 start up idea they had. 317 00:21:51,576 --> 00:21:53,909 And there were posters everywhere: "Making the world better through 318 00:21:53,909 --> 00:21:56,068 blah-di-blah-di-blah-di-blah-di-blah." 319 00:21:56,068 --> 00:21:59,294 When actually, they weren't trying to make the world better, they were just using 320 00:21:59,294 --> 00:22:05,230 that language, and when I first saw that on TV, my jaw dropped! 321 00:22:05,230 --> 00:22:08,127 I was like "Wait! That is our rhetoric!" 322 00:22:08,127 --> 00:22:10,846 And we've been using that in software freedom to talk about making 323 00:22:10,846 --> 00:22:15,660 the world better and it's been completely co-opted by companies who are also active 324 00:22:15,660 --> 00:22:20,400 in our space, who may also be, to some extent, making the world better, 325 00:22:20,400 --> 00:22:25,486 but co-opting that message so strongly that it's now a joke. 326 00:22:25,486 --> 00:22:32,196 It's such a joke that everywhere in this show, for the entire season, 327 00:22:32,196 --> 00:22:37,281 it was somebody, you know: "We are raising our series A, but the important thing 328 00:22:37,281 --> 00:22:43,073 is we're making the world better". 329 00:22:43,073 --> 00:22:48,200 It's interesting to take a hard look, and it actually threw me through a loop 330 00:22:48,200 --> 00:22:51,670 because I thought: Wait, am I trying to make the world better through software 331 00:22:51,670 --> 00:22:54,268 freedom really, or have I completely lost the plot? 332 00:22:54,268 --> 00:22:59,528 Because this is what I've been saying and is that true? 333 00:22:59,528 --> 00:23:05,707 I think I've sort of come out the other end of saying actually, this is residual 334 00:23:05,707 --> 00:23:10,066 from a very good job that the free software community has been doing of 335 00:23:10,066 --> 00:23:13,719 making companies feel welcome, and making them feel empowered and good about the 336 00:23:13,719 --> 00:23:16,456 choices they make by investing in free software 337 00:23:16,456 --> 00:23:20,161 and there are a lot of good things that are related to this that we can continue 338 00:23:20,161 --> 00:23:26,148 to increase, but we have to be very wary of what our motivations are and who's 339 00:23:26,148 --> 00:23:30,413 selling us what, so that we know how we can interact with them and what we should 340 00:23:30,413 --> 00:23:34,349 do if there's partnerships. And I can tell you that undertaking GPL enforcement: 341 00:23:34,349 --> 00:23:37,062 Completely eye-opening to see what companies do 342 00:23:37,062 --> 00:23:39,301 and how they really think about free software. 343 00:23:39,301 --> 00:23:42,059 Because when you ask them to comply and they're out of compliance, 344 00:23:42,059 --> 00:23:47,123 when you ask them to release their proprietary kernel modules, 345 00:23:47,123 --> 00:23:54,288 the answers you get are not about making the world better, I promise you [laughter] 346 00:23:54,288 --> 00:24:00,091 We need companies. We need to work with them. 347 00:24:00,091 --> 00:24:05,025 Free software won't be relevant, we won't win - I mean, win, whatever that means - 348 00:24:05,025 --> 00:24:09,753 we won't be relevant, we won't really make the world better if we don't also have 349 00:24:09,753 --> 00:24:11,812 companies participating and contributing 350 00:24:11,812 --> 00:24:15,062 and companies have a lot to add, with their own perspective. 351 00:24:15,062 --> 00:24:17,556 But we need to do it on our own terms. 352 00:24:17,556 --> 00:24:20,891 And we need to, as a community, take more ownership of that 353 00:24:20,891 --> 00:24:27,347 and be more of a participant in that culture. 354 00:24:27,347 --> 00:24:33,837 I'm naturally an optimist. By nature I really think the best of people and 355 00:24:33,837 --> 00:24:37,224 I think the best of companies, I think the best of the world. 356 00:24:37,224 --> 00:24:42,196 I've been accused of being a bit of a Pollyanna at times 357 00:24:42,196 --> 00:24:47,820 however, as a lawyer, there's nothing about being trained to be a lawyer except 358 00:24:47,820 --> 00:24:50,738 being trained to be a pessimist. 359 00:24:50,738 --> 00:24:53,505 And expect absolutely the worst of everyone. 360 00:24:53,505 --> 00:24:56,685 And you have to expect that situations will go bad. 361 00:24:56,685 --> 00:25:01,166 And you have to expect, that even though you're working positively with a company 362 00:25:01,166 --> 00:25:06,206 today, that tomorrow that relationship might go south. 363 00:25:06,206 --> 00:25:12,566 It might be because the people who are in ownership or running the company have 364 00:25:12,566 --> 00:25:15,264 had incentives to change their goals, 365 00:25:15,264 --> 00:25:18,354 but it could also simply be that the company has been acquired. 366 00:25:18,354 --> 00:25:23,428 Or that leadership has changed completely. You can't expect that a company that is a 367 00:25:23,428 --> 00:25:27,017 good actor today will be a good actor tomorrow. 368 00:25:27,017 --> 00:25:30,282 Again, that's not to say you should be unreasonably suspicious but 369 00:25:30,282 --> 00:25:33,898 you need to plan for the worst case scenarios no matter what 370 00:25:33,898 --> 00:25:37,709 and this is why we have lawyers, and this is why we have legal regimes. 371 00:25:37,709 --> 00:25:42,206 What it's really about is power, and it's about a power balance. 372 00:25:42,206 --> 00:25:48,610 One of the things that's really cool about free and open source software is that we 373 00:25:48,610 --> 00:25:51,492 have some legal regimes that are sometimes in place 374 00:25:51,492 --> 00:25:55,082 to help keep that balance of power. 375 00:25:55,082 --> 00:26:01,664 The GPL is a fundamental mechanism for keeping that balance of power 376 00:26:01,664 --> 00:26:05,746 with companies, keeping that balance of power with each other, 377 00:26:05,746 --> 00:26:09,276 and also keeping that balance of power in check with developers and 378 00:26:09,276 --> 00:26:11,655 with society in general. 379 00:26:11,655 --> 00:26:18,787 This is a copyheart logo with the GPL. 380 00:26:18,787 --> 00:26:25,228 As you may have noticed, some people in the last 5-10 years, 381 00:26:25,228 --> 00:26:28,751 lax permissive licensing has really taken hold. 382 00:26:28,751 --> 00:26:33,946 I see some real vigorous nodding in the audience. 383 00:26:33,946 --> 00:26:41,354 I think that a lot of that has to do with not the original emphasis on 384 00:26:41,354 --> 00:26:44,553 lax permissive licensing. 385 00:26:44,553 --> 00:26:48,151 Not the original freedom emphasis from the BSD communities - 386 00:26:48,151 --> 00:26:52,592 that cultural insistence on a pure kind of freedom, 387 00:26:52,592 --> 00:26:59,643 where folks thought that the GPL was too restrictive, 388 00:26:59,643 --> 00:27:03,916 and that the only way of having true freedom was to have the ability 389 00:27:03,916 --> 00:27:05,796 to proprietarize it. 390 00:27:05,796 --> 00:27:09,976 As a concept of freedom, I think that has actually shifted and it's not the reason 391 00:27:09,976 --> 00:27:15,004 why in the last 10 years lax permissive licensing has become so popular. 392 00:27:15,004 --> 00:27:19,772 It's become so popular because companies have been messaging so strongly that 393 00:27:19,772 --> 00:27:24,681 the only way you can get your software adopted is by using a lax permissive 394 00:27:24,681 --> 00:27:26,389 license. 395 00:27:26,389 --> 00:27:29,230 And people have thought this so wholeheartedly. 396 00:27:29,230 --> 00:27:34,465 It's so fascinating to me because we had so much success with Linux 397 00:27:34,465 --> 00:27:40,883 under the GPL and the technology gets to a place with the GPL that you wouldn't 398 00:27:40,883 --> 00:27:45,019 necessarily be able to get to otherwise. 399 00:27:45,019 --> 00:27:50,157 Linus Torvalds, for example has publicly said the biggest contribution he made 400 00:27:50,157 --> 00:27:54,706 was not any technological contribution, but instead the license choice 401 00:27:54,706 --> 00:27:57,526 behind the Linux kernel. 402 00:27:57,526 --> 00:28:03,813 We're really out of balance on this because we've gone really strongly as a 403 00:28:03,813 --> 00:28:09,438 society towards non-copylefted software. 404 00:28:09,438 --> 00:28:14,840 This has upset the balance we can expect from companies and I thought it was very 405 00:28:14,840 --> 00:28:19,866 interesting - this is Martin Fink of Hewlett Packard Enterprises 406 00:28:19,866 --> 00:28:23,375 at the last LinuxCon Europe - he gave a talk and he said we need to 407 00:28:23,375 --> 00:28:28,919 "change the default" back to copyleft, from permissive licensing. 408 00:28:28,919 --> 00:28:34,041 He gave a lot of really interesting business minded reasons why 409 00:28:34,041 --> 00:28:36,643 it's good for business that this is the case. 410 00:28:36,643 --> 00:28:40,818 He said that what happens if you choose a non-copyleft license you have to 411 00:28:40,818 --> 00:28:44,850 introduce all of this governance and infrastructure to make sure that companies 412 00:28:44,850 --> 00:28:48,357 play fairly with one another, and it's expensive and it's artificial and 413 00:28:48,357 --> 00:28:50,874 it sometimes breaks down. 414 00:28:50,874 --> 00:28:56,804 From our perspective I think that from a community project, 415 00:28:56,804 --> 00:29:01,108 from a community perspective, I think his message of change the default has a whole 416 00:29:01,108 --> 00:29:04,564 additional power to it. 417 00:29:04,564 --> 00:29:08,605 And I thought that hearing somebody who's coming from such a corporate perspective 418 00:29:08,605 --> 00:29:17,441 echo within a corporate construct what I think we need to do more as a society 419 00:29:17,441 --> 00:29:20,637 and community was I think extremely powerful. 420 00:29:20,637 --> 00:29:27,254 So if somebody tries to tell you that if you're starting a new project 421 00:29:27,254 --> 00:29:31,021 that you will only find success and popularity by using a permissive license 422 00:29:31,021 --> 00:29:32,584 it's simply not true. 423 00:29:32,584 --> 00:29:36,408 It's again, trading those long term versus short term goals. 424 00:29:36,408 --> 00:29:40,437 Maybe you'll get some companies to adopt it a little bit sooner, but down the road 425 00:29:40,437 --> 00:29:44,612 your project is potentially going to be forked by another company and you won't 426 00:29:44,612 --> 00:29:47,556 be able to see any of those changes, and you'll be completely locked out of the 427 00:29:47,556 --> 00:29:50,392 relevant part of software. 428 00:29:50,392 --> 00:29:55,452 Just something to think about. 429 00:29:55,452 --> 00:29:59,909 Without enforcement there is no copyleft, effectively. 430 00:29:59,909 --> 00:30:02,311 You could choose a license until you're blue in the face, 431 00:30:02,311 --> 00:30:05,653 but if there's not anyone who's going to enforce it at the end of the day, 432 00:30:05,653 --> 00:30:07,751 you may as well have never made that choice to begin with. 433 00:30:07,751 --> 00:30:11,597 Nobody is going to take you seriously if there are no consequences to 434 00:30:11,597 --> 00:30:14,800 not following the rules. 435 00:30:14,800 --> 00:30:19,829 But having centralised power can really, really frustrate that balance. 436 00:30:19,829 --> 00:30:29,048 So if it's, for example, a strong copyleft license, if it's an AGPL or GPL program, 437 00:30:29,048 --> 00:30:32,229 but all the copyrights are owned by a single company, 438 00:30:32,229 --> 00:30:35,207 then you have a power balance. 439 00:30:35,207 --> 00:30:38,776 The fact that the software is under a copyleft license helps, but it doesn't get 440 00:30:38,776 --> 00:30:42,355 you all the way to that great balance. 441 00:30:42,355 --> 00:30:45,378 In many ways Debian really has the best of both worlds, 442 00:30:45,378 --> 00:30:48,755 because with Debian, it's such a big project, and there's copyrights that're so 443 00:30:48,755 --> 00:30:54,389 diversely held, no one could aggregate those copyrights even if they tried. 444 00:30:54,389 --> 00:30:59,071 But we don't necessarily want to because having a project that's held diversely 445 00:30:59,071 --> 00:31:01,861 is extremely powerful and helpful. 446 00:31:01,861 --> 00:31:06,826 It keeps these power balances much more in check. 447 00:31:06,826 --> 00:31:13,351 At the same time, Debian has set up the Copyright Aggregation Programme with 448 00:31:13,351 --> 00:31:17,679 Conservancy, so we will aggregate copyrights with people who are interested 449 00:31:17,679 --> 00:31:22,336 in doing so, and that way we can help if there is a violation, it's easier to 450 00:31:22,336 --> 00:31:26,917 pursue it because if you have a diversely held project, and there's a violation, 451 00:31:26,917 --> 00:31:29,584 who's going to be the one to knock on the companies door? 452 00:31:29,584 --> 00:31:33,337 They're not going to take any one developer seriously enough, 453 00:31:33,337 --> 00:31:35,810 because it's such a small amount of code. 454 00:31:35,810 --> 00:31:38,773 So if we aggregate it together it means that not only do we empower 455 00:31:38,773 --> 00:31:40,924 a single steward that's going to be helpful, 456 00:31:40,924 --> 00:31:47,049 but it also enables someone with a single voice to be able to be able to speak for 457 00:31:47,049 --> 00:31:50,489 enforcement, to make sure the right thing is done for the project. 458 00:31:50,489 --> 00:31:57,964 To respect the diversely held copyrights we now also take enforcement agreements 459 00:31:57,964 --> 00:32:01,522 so that people want to have their copyrights enforced, we can do 460 00:32:01,522 --> 00:32:05,782 enforcement agreements in addition to plain old copyright stewardship. 461 00:32:05,782 --> 00:32:08,233 In many ways, it's the best of both worlds. 462 00:32:08,233 --> 00:32:11,705 I think that a lot of the things that Debian has done has made it such a unique 463 00:32:11,705 --> 00:32:14,153 community. 464 00:32:14,153 --> 00:32:21,605 I think that the way that are so many developers that are so independent 465 00:32:21,605 --> 00:32:24,620 and the way you come together and elect a single DPL is an 466 00:32:24,620 --> 00:32:28,668 amazing and unusual thing and I think is the reason why the Debian community has 467 00:32:28,668 --> 00:32:31,250 weathered the time so well, 468 00:32:31,250 --> 00:32:35,685 even though many companies are building on Debian for their products, 469 00:32:35,685 --> 00:32:39,205 the Debian community stays so strong, it's so independent, and it's so interesting 470 00:32:39,205 --> 00:32:41,766 and it's so unique. 471 00:32:41,766 --> 00:32:46,089 Another thing that I think we all need to pay attention to that can help tip that 472 00:32:46,089 --> 00:32:48,344 balance is with our employment agreements. 473 00:32:48,344 --> 00:32:50,988 How many people here have an employment agreement in place for what they're 474 00:32:50,988 --> 00:32:53,449 working on now? 475 00:32:53,449 --> 00:32:57,089 Wow, that's so low, it's only like a quarter of the people in here. 476 00:32:57,089 --> 00:33:00,452 I bet many of you actually have employment agreements that you don't realise 477 00:33:00,452 --> 00:33:07,810 that you have. 478 00:33:07,810 --> 00:33:15,168 So, I'll be a little bit faster on this to say that when you take a new job at a 479 00:33:15,168 --> 00:33:18,311 company you will generally asked to sign an employment agreement, and those 480 00:33:18,311 --> 00:33:21,020 employment agreements have been getting stronger and stronger and stronger 481 00:33:21,020 --> 00:33:21,972 over time. 482 00:33:21,972 --> 00:33:24,059 And they often ask for the world. 483 00:33:24,059 --> 00:33:31,144 They basically tell you to agree that everything that you do, not just within 484 00:33:31,144 --> 00:33:34,919 the context of your job, but at all during the time you're employed is owned by your 485 00:33:34,919 --> 00:33:36,519 company. 486 00:33:36,519 --> 00:33:38,727 AUDIENCE: It's actually illegal in Germany. 487 00:33:38,727 --> 00:33:42,207 KAREN: Yeah, so the different jurisdictions, some have some checks and 488 00:33:42,207 --> 00:33:45,467 balances but the lines on that aren't necessarily as clear as you think that 489 00:33:45,467 --> 00:33:49,753 they are, so it's all very, very fascinating stuff, but in any case, 490 00:33:49,753 --> 00:33:53,218 making sure that you have an agreement with your employer about working on free 491 00:33:53,218 --> 00:33:54,751 software is important. 492 00:33:54,751 --> 00:34:00,297 And making sure that you negotiate that and ask for more is essential. 493 00:34:00,297 --> 00:34:05,703 We at Conservancy are working on a project where we're publishing standard contract 494 00:34:05,703 --> 00:34:10,531 language so you can say "I would like provisions 1, 3 and 5" when you negotiate 495 00:34:10,531 --> 00:34:14,128 with an employer, and they can say "oh, we'd never take 5, but maybe we take 496 00:34:14,128 --> 00:34:17,261 1 and 3" — occasionally. 497 00:34:17,261 --> 00:34:20,527 And we're working with some companies so that they'll review it and they all say 498 00:34:20,527 --> 00:34:25,739 "We may never take these provisions, we may never let individuals hold their 499 00:34:25,739 --> 00:34:29,559 copyrights, but if we do the language looks like this" 500 00:34:29,559 --> 00:34:33,747 Asking companies if you can hold your own copyrights - some people do negotiate it. 501 00:34:33,747 --> 00:34:38,283 Some of those, I admit, are rock star developers, but some are not. 502 00:34:38,283 --> 00:34:47,399 If we all ask for it, if a lot of the talented developers that a company seeks 503 00:34:47,399 --> 00:34:50,805 to hire ask to keep their copyrights, 504 00:34:50,805 --> 00:34:55,145 or asks for the freedom to work on free and open source software, that's outside 505 00:34:55,145 --> 00:34:59,659 of their job, if we all ask for it, then some companies will start to bend, 506 00:34:59,659 --> 00:35:02,856 because they'll see it as a feature for recruiting talent. 507 00:35:02,856 --> 00:35:06,457 And together we can make a huge difference in the culture of this space and the 508 00:35:06,457 --> 00:35:08,114 bargaining power. 509 00:35:08,114 --> 00:35:11,266 Some people are advocating for unionised free software development, 510 00:35:11,266 --> 00:35:13,840 which is a very interesting notion, 511 00:35:13,840 --> 00:35:23,100 but I think that from a plain old normal way, It think it would be very interesting 512 00:35:23,100 --> 00:35:28,665 if we all started to ask about keeping our own copyrights and other provisions. 513 00:35:28,665 --> 00:35:32,422 So we're working to enable people to do that. 514 00:35:32,422 --> 00:35:35,256 Support the charitable non-profits. 515 00:35:35,256 --> 00:35:38,840 Think about — that’s very self serving, I know people are laughing. 516 00:35:38,840 --> 00:35:42,938 Or Keith is laughing… 517 00:35:42,938 --> 00:35:49,101 It's not just the Conservancys, it's the SPIs, right? 518 00:35:49,101 --> 00:35:54,254 It's all — now Bdale is nodding. (LAUGHTER) 519 00:35:54,254 --> 00:35:58,654 It's supporting the charitable structures around free and open source software 520 00:35:58,654 --> 00:36:03,286 because they are what are going to enable us to keep the interests of the community 521 00:36:03,286 --> 00:36:06,489 and the interest of society at heart. 522 00:36:06,489 --> 00:36:10,945 The Free Software Foundation, SPI, Conservancy, we're organisations that have 523 00:36:10,945 --> 00:36:16,073 a mission to support free and open source software, for freedom. 524 00:36:16,073 --> 00:36:18,906 And so keeping the charitable organisations strong 525 00:36:18,906 --> 00:36:26,794 is really essential and Conservancy in the last year shifted it's business 526 00:36:26,794 --> 00:36:31,229 model so we're now individually funded primarily rather than company funded 527 00:36:31,229 --> 00:36:34,874 and we've found that it's enabled us to be focused more on programmes that are 528 00:36:34,874 --> 00:36:37,644 important to community and important to society. 529 00:36:37,644 --> 00:36:41,193 If we were funded by companies, if we were a trade association, we could never do 530 00:36:41,193 --> 00:36:42,995 that in the same way. 531 00:36:42,995 --> 00:36:46,357 It's not that trade associations don't do good work, and it's not that they 532 00:36:46,357 --> 00:36:49,087 can't also be doing things in the public good, 533 00:36:49,087 --> 00:36:51,954 it's just it's not their focus. 534 00:36:51,954 --> 00:36:57,038 So I would say, really, you're all so awesome for being at DebConf and for being 535 00:36:57,038 --> 00:36:59,237 involved in the Debian community. 536 00:36:59,237 --> 00:37:04,234 Debian is so unique and so focused on freedoms, so stay focused on freedom. 537 00:37:04,234 --> 00:37:08,728 It's the most amazing thing and together, we can make the world better 538 00:37:08,728 --> 00:37:13,012 and not in an ironic, hilarious way. 539 00:37:13,012 --> 00:37:18,055 I'm happy to announce that due to a generous donation by an anonymous 540 00:37:18,055 --> 00:37:24,717 donor, anyone at DebConf who signs up as a Conservancy supporter will be matched. 541 00:37:24,717 --> 00:37:28,104 So it's a really good time if you're — I don't want to give a sales pitch but — 542 00:37:28,104 --> 00:37:34,513 (LAUGHTER) but it's a good time, because someone who's here, who cares passionately 543 00:37:34,513 --> 00:37:38,833 about software freedom is going to match that donation. 544 00:37:38,833 --> 00:37:43,369 Anyway, so does anyone have any questions? Do we have time for questions? 545 00:37:43,369 --> 00:37:46,356 MICHAEL: Thanks Karen for that talk. KAREN: Thank you very much. 546 00:37:46,356 --> 00:37:50,716 (APPLAUSE) 547 00:37:50,716 --> 00:37:56,881 MICHAEL: We started a bit late so we have time for a few questions. 548 00:38:00,422 --> 00:38:16,841 GUNNAR: My question is more pulled by what Aba said. You mentioned a lot of work 549 00:38:16,841 --> 00:38:25,625 from the Software Freedom Conservancy and benefits regarding the work you are doing 550 00:38:25,625 --> 00:38:36,590 in a community such as ours but do you work with similar groups, not focused 551 00:38:36,590 --> 00:38:43,086 in the US? Because I mean the rules are different everywhere, and I'm sure it will 552 00:38:43,086 --> 00:38:47,560 be very hard for you personally to litigate here, or whatever. 553 00:38:47,560 --> 00:38:51,749 KAREN: Yes, I'm a US lawyer admitted to practice in the state of New York, not 554 00:38:51,749 --> 00:38:53,807 anywhere else. 555 00:38:53,807 --> 00:38:57,757 This is not legal advice and I am not your lawyer. (LAUGHTER) 556 00:38:57,757 --> 00:39:01,197 However, free software is global. 557 00:39:01,197 --> 00:39:07,644 You can't simply have a US focus and work in free software, so we're focused on a 558 00:39:07,644 --> 00:39:11,122 lot of different jurisdictions. Obviously, we're focused in places that a lot of us 559 00:39:11,122 --> 00:39:20,195 are, so our programmes where we have enforcement agreements and assignment 560 00:39:20,195 --> 00:39:25,014 agreements like for the Linux kernel or Debian, we obviously work with lawyers 561 00:39:25,014 --> 00:39:31,238 in those places too, so we have a European agreement for assignment now. 562 00:39:31,238 --> 00:39:36,009 We're a US entity, so that it means that to the extent that we're taking copyright 563 00:39:36,009 --> 00:39:40,174 from developers, we're going to hold them in the US because we are in the US. 564 00:39:40,174 --> 00:39:48,284 But we have function abroad, we function everywhere and we, for example, don't have 565 00:39:48,284 --> 00:39:52,574 any South African lawyers we've been working with, but whenever there's a place 566 00:39:52,574 --> 00:39:56,840 for someone who's very interested in, and there's enough of an interest that it 567 00:39:56,840 --> 00:40:01,566 would be worth the expenditure, we look to experts from those places. 568 00:40:01,566 --> 00:40:06,337 I think that you simply can't just think about the US. 569 00:40:06,337 --> 00:40:13,160 However, it's interesting that for better or for worse, a lot of the countries have 570 00:40:13,160 --> 00:40:18,115 followed the US in a lot of policy and often that's for worse. 571 00:40:18,115 --> 00:40:22,203 In many places the patent regimes have followed the US. 572 00:40:22,203 --> 00:40:26,463 I think that a lot of the charitable structures as well. 573 00:40:26,463 --> 00:40:33,288 So for example the Food and Drug Administration's review in the US over my 574 00:40:33,288 --> 00:40:36,806 medical device - I used to when I gave a talk about medical devices, I would do a 575 00:40:36,806 --> 00:40:40,950 lot of research into the local place's Food and Drug Administration and review 576 00:40:40,950 --> 00:40:44,741 processes, but every place I went to it was the same. 577 00:40:44,741 --> 00:40:50,531 They didn't review the software. So most of the big ideological issues are the same 578 00:40:50,531 --> 00:40:54,195 from place to place, and for details we work with partners. 579 00:40:55,443 --> 00:41:07,212 PHIL: When you were talking about retaining copyright, a company I was 580 00:41:07,212 --> 00:41:14,382 working for was doing some work for a phone manufacturer in in 2000, and the 581 00:41:14,382 --> 00:41:20,335 idea of retaining copyright really wasn't happening. So, as a fallback position we 582 00:41:20,335 --> 00:41:25,498 suggested to them that if we were modifying existing projects that were 583 00:41:25,498 --> 00:41:30,482 under copyleft licences, obviously we would have to comply with those licences 584 00:41:30,482 --> 00:41:36,779 and that we'd like to retain the copyright in that instance, and they went for that 585 00:41:36,779 --> 00:41:41,642 and then once you've got an agreement like that, it's not so difficult to persuade 586 00:41:41,642 --> 00:41:45,263 someone to upload a project that hasn't got very much in it, under a license, 587 00:41:45,263 --> 00:41:47,995 and then fork it immediately. (LAUGHTER) 588 00:41:47,995 --> 00:41:52,349 KAREN: Early is really important. Making these decisions early is so essential. 589 00:41:52,349 --> 00:41:55,518 You can never turn back the clock. 590 00:41:55,518 --> 00:42:00,460 You'll ever have as much power as the day a company is trying to recruit you. 591 00:42:00,460 --> 00:42:04,012 Once they have decided to hire you, before they have actually entered into an 592 00:42:04,012 --> 00:42:07,324 agreement with you, before you've come on staff, they never want to hire you as much 593 00:42:07,324 --> 00:42:10,022 as in that moment, because they've gone through the whole search, 594 00:42:10,022 --> 00:42:13,793 they've decided you're the one for them, the process is over, 595 00:42:13,793 --> 00:42:16,462 they just want to get the paper work done. And that's the time. 596 00:42:16,462 --> 00:42:19,377 And even though you may think that it'll blow up the deal, it won't. 597 00:42:19,377 --> 00:42:21,681 You can always blame me. You can say: 598 00:42:21,681 --> 00:42:27,204 "A lawyer told me I need to do these things", and then they'll say: 599 00:42:27,204 --> 00:42:30,683 "Well, we never do that", and you can gauge the interest. 600 00:42:30,683 --> 00:42:37,107 If you're nice about it and not adversarial about it, then it's fine. 601 00:42:38,813 --> 00:42:48,904 [Question via IRC from Mexico]: Karen, what do you think about the latest Oracle 602 00:42:48,904 --> 00:42:53,177 and Google law fight about Java and the GPL? (LAUGHTER) 603 00:42:53,177 --> 00:42:57,638 KAREN: I'm recording an oggcast Free as in Freedom about the whole issue, it would 604 00:42:57,638 --> 00:43:02,399 take a long time to discuss it, so more to come on that. 605 00:43:02,399 --> 00:43:05,501 MICHAEL: Any more questions? 606 00:43:06,423 --> 00:43:11,874 STEVE: Echoing the thing about employment agreements, my experience in the UK, 607 00:43:11,874 --> 00:43:16,858 I'm sure it's similar elsewhere is companies will just try things on. 608 00:43:16,858 --> 00:43:20,909 There'll be a whole load of things in most employment agreements that are strictly 609 00:43:20,909 --> 00:43:25,669 not enforceable and probably illegal in many jurisdictions, but they'll put them 610 00:43:25,669 --> 00:43:30,200 in anyway. It's just a case of talking through it — they're negotiations, they're 611 00:43:30,200 --> 00:43:37,591 not fixed terms, every employment contract is different, it's entirely up to you to 612 00:43:37,591 --> 00:43:43,768 talk about it. I work for a company that self identifies as an IP company, so I 613 00:43:43,768 --> 00:43:48,782 just scribbled out the thing that says they own everything I do, and it caused 614 00:43:48,782 --> 00:43:51,374 no hassle. It's no problem. 615 00:43:51,374 --> 00:43:55,879 KAREN: Yeah, people think that because they're given a contract and it looks very 616 00:43:55,879 --> 00:44:01,078 official that it's fixed and there's no chance to edit it, but it's almost never 617 00:44:01,078 --> 00:44:06,561 true. There are some companies who would rather walk away from employing you than 618 00:44:06,561 --> 00:44:12,034 editing their employment agreement, but they're the exception rather than the rule. 619 00:44:12,034 --> 00:44:16,650 Because a lot of companies will negotiate it, there's a lot of room there and if it 620 00:44:16,650 --> 00:44:21,887 becomes more standard, if more developers ask, more employees ask for edits to the 621 00:44:21,887 --> 00:44:25,944 employment contract, and especially if they all ask for it in the same way, 622 00:44:25,944 --> 00:44:32,365 then it's generally true in contract negotiations that when you negotiate with 623 00:44:32,365 --> 00:44:36,159 someone you ask for way more than you want because you want to be able to come down. 624 00:44:36,159 --> 00:44:40,986 So often it's built in to these contracts provisions that companies know they're 625 00:44:40,986 --> 00:44:45,510 willing to move from, and if you ask them to move on something else they'll say: 626 00:44:45,510 --> 00:44:49,879 "Well, we can't move on that, but we have this other provision we could give you" 627 00:44:49,879 --> 00:44:54,716 And so, the chances are you're not getting the best deal that's already available 628 00:44:54,716 --> 00:44:57,303 to you if you haven't asked. 629 00:44:57,303 --> 00:45:01,168 MICHAEL: I think we should move on now as we're running out of time. 630 00:45:01,168 --> 00:45:04,868 Karen will be around at DebConf until Thursday I think, so talk to her if you 631 00:45:04,868 --> 00:45:12,510 have any more questions or comments. 632 00:45:12,510 --> 00:45:17,562 (APPLAUSE)